Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco IOS and Cisco IOS XE Software UDP Packet Processing Denial of Service Vulnerability

cisco-sa-20170906-ios-udp · Medium · Published · Updated

A vulnerability in the UDP processing code of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition. The vulnerability is due to Cisco IOS Software application changes that create UDP sockets and leave the sockets idle without closing them. An attacker could exploit this vulnerability by sending UDP packets with a destination port of 0 to an affected device. A successful exploit could allow the attacker to cause UDP packets to be held in the input interface queue, resulting in a DoS condition. The input interface queue will stop holding UDP packets when it receives 250 packets. There are workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ios-udp

Cisco advisory · CSAF JSON

Workarounds

To work around this vulnerability, administrators can set a maximum hold queue value that is greater than 250 for all device interfaces. The following example shows how to set the value to 350 by using the hold-queue in interface configuration command:

Router# configure terminal
Router(config)# interface gigabitEthernet 1
Router(config-if)# hold-queue 350 in

Administrators can also configure an access-control list (ACL) that blocks UDP packets with a destination port of 0 and apply the ACL to all device interfaces, for example:

Extended IP access list 180
10 deny udp any any eq 0
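As an added example (not part of the advisory or of any Cisco tooling), the following Python audit checks a saved running-config against both workarounds above: it flags every interface whose input hold queue does not exceed 250 packets and that has no inbound ACL denying UDP destination port 0. The sample configuration is constructed, and the default input hold queue of 75 packets is an assumption.

```python
import re
# Constructed sample running-config (not from the advisory); only GigabitEthernet3 lacks a workaround.
SAMPLE_CONFIG = """\
ip access-list extended 180
 deny udp any any eq 0
 permit ip any any
!
interface GigabitEthernet1
 hold-queue 350 in
!
interface GigabitEthernet2
 ip access-group 180 in
!
interface GigabitEthernet3
 ip address 10.0.2.1 255.255.255.0
!
"""
WEDGE_THRESHOLD = 250  # per the advisory: the queue stops holding UDP packets at 250
DEFAULT_HOLD_IN = 75   # assumed IOS default input hold-queue size when none is configured

def stanzas(config):
    """Yield (header, [stripped body lines]) for each top-level stanza of a running-config."""
    for block in re.split(r"\n(?=\S)", config.strip()):
        header, *body = block.splitlines()
        if header != "!":
            yield header, [b.strip() for b in body]

def acls_blocking_udp_port0(config):
    """Names of extended ACLs whose entries include 'deny udp any any eq 0'."""
    return {header.split()[-1] for header, body in stanzas(config)
            if header.startswith("ip access-list extended ")
            and any(entry.startswith("deny udp any any eq 0") for entry in body)}

def unprotected_interfaces(config):
    """Interfaces with neither 'hold-queue >250 in' nor an inbound ACL that blocks UDP/0."""
    blocking = acls_blocking_udp_port0(config)
    flagged = []
    for header, body in stanzas(config):
        if not header.startswith("interface "):
            continue
        hold_in, acl_in = DEFAULT_HOLD_IN, None
        for cmd in body:
            if m := re.match(r"hold-queue (\d+) in$", cmd):
                hold_in = int(m.group(1))
            elif m := re.match(r"ip access-group (\S+) in$", cmd):
                acl_in = m.group(1)
        if hold_in <= WEDGE_THRESHOLD and acl_in not in blocking:
            flagged.append(header.split(None, 1)[1])
    return flagged
```

Feed it the output of show running-config; an empty result means every interface is covered by at least one of the two workarounds.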

CVEs: CVE-2017-6627
Cisco Bug IDs: CSCup10024, CSCva95506, CSCve64219, CSCvc96281
CVSS Score: Base 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X)
Product Names From Source
Cisco IOS, Cisco IOS XE Software 3.14.0S, Cisco IOS XE Software 3.14.1S, Cisco IOS XE Software 3.14.2S, Cisco IOS XE Software 3.14.3S, Cisco IOS XE Software 3.14.4S, Cisco IOS XE Software 3.15.0S, Cisco IOS XE Software 3.15.1S, Cisco IOS XE Software 3.15.2S, Cisco IOS XE Software 3.15.1cS, Cisco IOS XE Software 3.15.3S, Cisco IOS XE Software 3.15.4S, Cisco IOS XE Software 3.16.0S, Cisco IOS XE Software 3.16.1S, Cisco IOS XE Software 3.16.0aS, Cisco IOS XE Software 3.16.1aS, Cisco IOS XE Software 3.16.2S, Cisco IOS XE Software 3.16.2aS, Cisco IOS XE Software 3.16.0bS, Cisco IOS XE Software 3.16.0cS, Cisco IOS XE Software 3.16.3S, Cisco IOS XE Software 3.16.2bS, Cisco IOS XE Software 3.16.3aS, Cisco IOS XE Software 3.16.4S, Cisco IOS XE Software 3.16.4aS, Cisco IOS XE Software 3.16.4bS, Cisco IOS XE Software 3.16.4gS, Cisco IOS XE Software 3.16.5S, Cisco IOS XE Software 3.16.4cS, Cisco IOS XE Software 3.16.4dS, Cisco IOS XE Software 3.16.4eS, Cisco IOS XE Software 3.16.6S, Cisco IOS XE Software 3.16.5aS, Cisco IOS XE Software 3.16.5bS, Cisco IOS XE Software 3.17.0S, Cisco IOS XE Software 3.17.1S, Cisco IOS XE Software 3.17.2S, Cisco IOS XE Software 3.17.1aS, Cisco IOS XE Software 3.17.3S, Cisco IOS XE Software 3.18.0aS, Cisco IOS XE Software 3.18.0S, Cisco IOS XE Software 3.18.1S, Cisco IOS XE Software 3.18.2S, Cisco IOS XE Software 3.18.3S, Cisco IOS XE Software

Related Products

Product · CVE · Evidence
Cisco IOS · CVE-2017-6627 · Cisco OpenVuln
Cisco IOS XE Software · CVE-2017-6627 · Cisco OpenVuln
Cisco Catalyst 9600 Series Switches · CVE-2017-6627 · Cisco OpenVuln (software-dependent)
Cisco Catalyst 9500 Series Switches · CVE-2017-6627 · Cisco OpenVuln (software-dependent)
Cisco Catalyst 9400 Series Switches · CVE-2017-6627 · Cisco OpenVuln (software-dependent)
Cisco Catalyst 9200 Series Switches · CVE-2017-6627 · Cisco OpenVuln (software-dependent)
Cisco Catalyst 9300 Series Switches · CVE-2017-6627 · Cisco OpenVuln (software-dependent)