Denial of Service Vulnerability in Cisco Prime Network Registrar
CVE-2017-6613

5.8MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Prime Network Registrar
Vendor
CVE Published:
20 April 2017

Summary

A vulnerability exists in the DNS input packet processor of Cisco Prime Network Registrar which could allow an unauthenticated, remote attacker to exploit the system. When a malformed DNS packet is sent to the application, insufficient validation of the DNS packet header occurs. This exploitation can cause the DNS process to restart unexpectedly, potentially resulting in a denial of service condition. All versions of Cisco Prime Network Registrar prior to 8.3.5 are affected, highlighting the importance of applying the recommended updates to maintain system stability.

Affected Version(s)

Cisco Prime Network Registrar Cisco Prime Network Registrar

References

http://www.securityfocus.com/bid/97924
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038331
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.