CVE-2017-6745 (GCVE-0-2017-6745)
Vulnerability from cvelistv5 – Published: 2017-08-07 06:00 – Updated: 2024-08-05 15:41
VLAI?
Summary
A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance. The vulnerability is due to excessive mapped connections exhausting the allotted resources within the system. An attacker could exploit this vulnerability by sending large amounts of inbound traffic to a device with the intention of overloading certain resources. A successful exploit could cause the device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc39260.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco Videoscape Distribution Suite Cache Server |
Affected:
Cisco Videoscape Distribution Suite Cache Server
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100106"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-vds"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Videoscape Distribution Suite Cache Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Videoscape Distribution Suite Cache Server"
}
]
}
],
"datePublic": "2017-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance. The vulnerability is due to excessive mapped connections exhausting the allotted resources within the system. An attacker could exploit this vulnerability by sending large amounts of inbound traffic to a device with the intention of overloading certain resources. A successful exploit could cause the device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc39260."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T09:57:02",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "100106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100106"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-vds"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Videoscape Distribution Suite Cache Server",
"version": {
"version_data": [
{
"version_value": "Cisco Videoscape Distribution Suite Cache Server"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance. The vulnerability is due to excessive mapped connections exhausting the allotted resources within the system. An attacker could exploit this vulnerability by sending large amounts of inbound traffic to a device with the intention of overloading certain resources. A successful exploit could cause the device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc39260."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100106"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-vds",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-vds"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-6745",
"datePublished": "2017-08-07T06:00:00",
"dateReserved": "2017-03-09T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-6745\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2017-08-07T06:29:00.323\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance. The vulnerability is due to excessive mapped connections exhausting the allotted resources within the system. An attacker could exploit this vulnerability by sending large amounts of inbound traffic to a device with the intention of overloading certain resources. A successful exploit could cause the device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc39260.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el servidor cach\u00e9 de Cisco Videoscape Distribution Suite (VDS) para Television 3.2(5)ES1 podr\u00eda permitir que un atacante remoto sin autenticar provoque una denegaci\u00f3n de servicio (DoS) en un dispositivo objetivo. Esto se debe a que un exceso de conexiones mapeadas agota los recursos asignados del sistema. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de grandes cantidades de tr\u00e1fico de entrada a un dispositivo, con el objetivo de sobrecargar ciertos recursos. Si se tiene \u00e9xito, el dispositivo podr\u00eda recargarse, provocando una denegaci\u00f3n de servicio. Cisco Bug IDs: CSCvc39260.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:3.2\\\\(5\\\\)es1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A8C50F3-DE69-4810-9C9B-43950B326905\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:3.2\\\\(6\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D322339B-01E5-4AE5-A646-49CE3EB170F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:3.2\\\\(7\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"547B1AE2-7081-4AB3-A3C9-31DBF4B47543\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:3.3\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7806199-2882-4166-B5B5-565413723C30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:3.4\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D77783F4-B383-4F83-B173-721452D2C3A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:3.4\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A091D4E-C9A4-41C1-BA65-5607D6737EAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:3.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59AA47AE-E9F2-4CD7-BBE4-5903408C4D90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:3.5\\\\(1\\\\)-cos:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9FC6B01-E93C-4B96-BD6B-154D6355EE1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:3.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31AF3BB3-5885-4312-9EAC-276C455E3AF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:3.8\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"299E89B7-2B29-4DB1-8B8A-D98F4AA5E326\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:3.9\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23943C16-7A8B-49FC-95FF-ECA0C738D4CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:4.1\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6663090A-8ED5-47B2-A53F-CAE8EC5A1E63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:4.1\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AFBB802-6352-4BAD-9532-BDF72DB348A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:4.1\\\\(4\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F84055DF-CB8F-4608-AB36-E32E85AED5AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:4.1\\\\(5\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CFA6A35-DA36-4798-BF2C-6017DC4F0114\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:4.2\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4A20369-73B9-4E4B-943B-01A65F2ECB54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:videoscape_distribution_suite_for_television:4.4\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4238E3F5-C174-4DEF-A0AE-5C38C998EDBA\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/100106\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-vds\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-vds\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…