Denial of service in Cisco IOS/IOS XE - CVE-2017-6627
Published: September 7, 2017 / Updated: March 8, 2022
Vulnerability identifier: #VU8142
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2017-6627
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Cisco Systems, Inc
Affected software:
Cisco IOS/IOS XE
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the UDP processing code because application changes create UDP sockets and leave them idle without closing them. A remote attacker can send UDP packets with a destination port of 0, causing the packets to be held in the input interfaces queue and triggering the application to crash.
Successful exploitation of the vulnerability results in denial of service.
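The following detection sketch is an added example, not part of the original advisory: it parses raw IPv4 packets and counts UDP datagrams addressed to destination port 0, the traffic pattern described above, per source and destination pair. The function names and the sample packets (documentation address ranges) are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

UDP = 17  # IP protocol number for UDP

def sample_packet(src, dst, sport, dport, frag_off=0, options=b""):
    """Build constructed IPv4/UDP test bytes (checksums left at 0)."""
    ihl = 5 + len(options) // 4
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(udp),
                     0, frag_off, 64, UDP, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + options + udp

def udp_port_zero(packet):
    """Return (src, dst, sport) if packet is IPv4/UDP to destination port 0."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != UDP:
        return None
    ihl = (packet[0] & 0x0F) * 4          # header length varies with options
    if ihl < 20 or len(packet) < ihl + 8:
        return None                       # malformed or truncated UDP header
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                       # later fragment: no UDP header here
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if dport != 0:
        return None
    return (str(IPv4Address(packet[12:16])),
            str(IPv4Address(packet[16:20])), sport)

def tally(packets):
    """Count port-0 datagrams per (source, destination) pair."""
    hits = Counter()
    for pkt in packets:
        match = udp_port_zero(pkt)
        if match:
            hits[match[:2]] += 1
    return hits

# Constructed sample traffic, not a real capture.
SAMPLE = [
    sample_packet("198.51.100.7", "192.0.2.1", 40000, 0),
    sample_packet("198.51.100.7", "192.0.2.1", 40001, 0, options=b"\x01" * 4),
    sample_packet("198.51.100.9", "192.0.2.1", 40002, 161),
    sample_packet("198.51.100.7", "192.0.2.1", 0, 0, frag_off=185),
]

if __name__ == "__main__":
    for (src, dst), count in tally(SAMPLE).items():
        print(f"{src} -> {dst}: {count} UDP datagram(s) to port 0")
```

The fragment check matters because a non-first fragment carries payload bytes where the UDP header would be, so reading ports from it would produce false matches.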
How to mitigate CVE-2017-6627
The vulnerability is addressed in the following versions: 15.5(1.10.1)GB, 15.5(1.3)T, 15.5(0.20)PI27a, 15.5(0.16.1)CG, 15.5(0.16)T, 15.4(3)M8, 15.4(2)T3, 15.4(2)T2.1, 16.3.3, 16.3.3a, 11.3.3, 16.3(2.21).