CVE-2016-2774

5.9MEDIUM

Key Information

Vendor: Isc
Status: Dhcp
Vendor: CVE Published:; 9 March 2016

Summary

ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.

EPSS Score

92% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Mar 9, 2016
Vulnerability Reserved.
Feb 26, 2016

Collectors

NVD DatabaseMitre Database