CVE-2017-6627

CVE Database · CVE-2017-6627

CVE-2017-6627

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

6.04%

Published

Sep 7, 2017

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-03 · Due: 2022-03-24

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition. The vulnerability is due to Cisco IOS Software application changes that create UDP sockets and leave the sockets idle without closing them. An attacker could exploit this vulnerability by sending UDP packets with a destination port of 0 to an affected device. A successful exploit could allow the attacker to cause UDP packets to be held in the input interfaces queue, resulting in a DoS condition. The input interface queue will stop holding UDP packets when it receives 250 packets. Cisco Bug IDs: CSCup10024, CSCva55744, CSCva95506.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-399CWE-404

Affected Products (71)

cisco · iosvulnerable

cisco · ios

References (7)

http://www.securityfocus.com/bid/100644

Third Party AdvisoryVDB EntryBroken Link

http://www.securitytracker.com/id/1039289

Third Party AdvisoryVDB EntryBroken Link

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ios-udp

MitigationVendor Advisory

http://www.securityfocus.com/bid/100644

Third Party AdvisoryVDB EntryBroken Link

http://www.securitytracker.com/id/1039289

KEV Catalog EPSS Scores Vendors All CVEs