TCP Throttling Vulnerability in Cisco Prime Network
CVE-2018-0137

8.6HIGH

Key Information:

Vendor: Cisco
Status: Cisco Prime Network
Vendor: CVE Published:; 8 February 2018

What is CVE-2018-0137?

A vulnerability in the TCP throttling mechanism of Cisco Prime Network allows remote, unauthenticated attackers to generate a denial of service condition. This occurs due to inadequate rate limiting on TCP listening ports. By bombarding the device with a high volume of TCP SYN packets directed at the local IP address, attackers may consume excess memory, leading to sluggish performance or rendering the device unable to accept new TCP connections.

Affected Version(s)

Cisco Prime Network Cisco Prime Network

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102955

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 8, 2018
Vulnerability Reserved
Nov 27, 2017