Memory Exhaustion Vulnerability in Cisco IoT Field Network Director
CVE-2017-6780

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Iot Field Network Director
Vendor: CVE Published:; 7 September 2017

Summary

A vulnerability in the TCP throttling process of Cisco's IoT Field Network Director allows unauthenticated remote attackers to send a high volume of TCP packets to specific listening ports, leading to memory exhaustion. This can result in the targeted system consuming excessive memory, ultimately forcing it to restart, which creates a temporary denial of service condition. The vulnerability is primarily a result of insufficient rate-limiting protection and affects specific releases of the Connected Grid Network Management System and IoT Field Network Director.

Affected Version(s)

Cisco IoT Field Network Director Cisco IoT Field Network Director

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/100641

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 7, 2017
Vulnerability Reserved
Mar 9, 2017