CVE-2017-6641

A vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to a lack of rate-limiting functionality in the TCP Listen application of the affected software. An attacker could exploit this vulnerability by sending a crafted TCP traffic stream in which specific types of TCP packets are flooded to an affected device, for example a TCP packet stream in which the TCP FIN bit is set in all the TCP packets. A successful exploit could allow the attacker to cause certain TCP listening ports on the affected system to stop accepting incoming connections for a period of time or until the affected device is restarted, resulting in a DoS condition. In addition, system resources, such as CPU and memory, could be exhausted during the attack. Cisco Bug IDs: CSCva29806.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/98532	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem1	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:remote_expert_manager:11.0.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-05-22 01:29

Updated : 2023-12-10 12:01

NVD link : CVE-2017-6641

Mitre link : CVE-2017-6641

CVE.ORG link : CVE-2017-6641

JSON object : View

Products Affected

cisco

remote_expert_manager

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

CWE-399

Resource Management Errors

{"id": "CVE-2017-6641", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-05-22T01:29:00.477", "references": [{"url": "http://www.securityfocus.com/bid/98532", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem1", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to a lack of rate-limiting functionality in the TCP Listen application of the affected software. An attacker could exploit this vulnerability by sending a crafted TCP traffic stream in which specific types of TCP packets are flooded to an affected device, for example a TCP packet stream in which the TCP FIN bit is set in all the TCP packets. A successful exploit could allow the attacker to cause certain TCP listening ports on the affected system to stop accepting incoming connections for a period of time or until the affected device is restarted, resulting in a DoS condition. In addition, system resources, such as CPU and memory, could be exhausted during the attack. Cisco Bug IDs: CSCva29806."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad de manejo de la conexi\u00f3n TCP de Remote Expert Manager Software versi\u00f3n 11.0.0 de Cisco, podr\u00eda permitir a un atacante no autenticado remoto deshabilitar los puertos TCP y causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un sistema afectado. La vulnerabilidad es debido a la falta de la funcionalidad de limitaci\u00f3n de velocidad en la aplicaci\u00f3n TCP Listen del programa afectado. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un flujo de tr\u00e1fico TCP en el que se inundan tipos espec\u00edficos de paquetes TCP a un dispositivo afectado, por ejemplo, un flujo de paquetes TCP en el que el bit FIN de TCP se establece en todos los paquetes TCP. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante hacer que ciertos puertos de escucha de TCP en el sistema afectado dejen de aceptar conexiones entrantes durante un per\u00edodo de tiempo o hasta que se reinicie el dispositivo afectado, resultando en una condici\u00f3n DoS. Adem\u00e1s, los recursos del sistema, como la CPU y la memoria, podr\u00edan agotarse durante el ataque. IDs de Bug de Cisco: CSCva29806."}], "lastModified": "2019-10-09T23:28:53.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:remote_expert_manager:11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1FBE8C1-28EE-41E6-AFCB-719EAC7A0685"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}