CVE-2017-6653
HIGHCisco Identity Services Engine 2.1(0.474) - Unauthenticated Denial of Service via TCP Connection Flood
Title source: llmDescription
A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The vulnerability is due to insufficient TCP rate limiting protection on the GUI. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP connections to the GUI. An exploit could allow the attacker to cause the GUI to stop responding while the high rate of connections is in progress. Cisco Bug IDs: CSCvc81803.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98536
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038516
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ise
Scores
CVSS v3
7.5
EPSS
0.0214
EPSS Percentile
79.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-399
CWE-770
Status
published
Products (2)
cisco/identity_services_engine
2.1\(0.474\)
n/a/Cisco Identity Services Engine
Cisco Identity Services Engine
Published
May 22, 2017
Tracked Since
Feb 18, 2026