—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco IoT Field Network Director Memory Exhaustion Denial of Service Vulnerability

Advisory ID: cisco-sa-20170906-fnd

Revision: 1.0

For Public Release: 2017 September 6 16:00 GMT

Last Updated: 2017 September 6 16:00 GMT

CVE ID(s): CVE-2017-6780

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+———————————————————————

Summary
=======
A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart.

The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to cause the system to consume additional memory. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition. The DoS condition will end after the device has finished the restart process.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-fnd [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-fnd”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZsB6EZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmnhBAAx/39rzLQo/uOslTB
ie5WLzpW8sAktGeXeLJHnvxKY5u9inBL7v4aLWXzbH8vts+sBKw9TtpCir3CGek8
Z8YAxdwGLY014QQkqsKxCGcFP7vALEdQjOV77vmLJNTlByiINHqkqnGcE+yFWqwD
15GCLGy7t8RAkZJJTUPZaEF4kvRbe1/jJKiDWBq1mT2ET+Ez7btvN6V/CTKCMefd
6EmMCgcF/qfZlppAHPnjCyq5135aO1hunwDTEeVgMhlgmThbl5iYyELg5q+aOuXy
PeGUEh1sHRwW6tnNiw1XeRrKbBWrkjxB/OxN0Q8zeMXmaCRQsjSiAwk7rvqi8V5E
MZKhwJjHHC/ty+pBTgMf+gFxm/3M+LQI8DeQhHS0oAUtkcNjJp7seJm9rlHlwRNy
eee5vf6gFphMTQu/7xvlF8XDnFCq47kHUmkgG7Az7HarHDsBAbToDBeevK4u0sjW
y5bQUgXRJWqTWl88vRJnNAhx+a2JQTe6hJLe70E+93sC7SG8v8M+By5oKUNOPIPV
ekqurs2UPhJNweF/87m/i9bK+cHheTobUAMTEAXylqElrXuTmhZY/rlwCrrQ9FBW
FAvLo0gRHSy7aWpHpnT6OcGHkMyvK2Bx/Famvfo//k7/R29KKPk6VafqYm45UgfY
dX6qS/tnfag4H0ONuudWjt36Sdo=
=M8eU
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com