PT-2017-17237 · Cisco · Cisco Virtualized Packet Core-Distributed Instance (Vpc-Di)

Published: 2017-06-26 · Updated: 2019-10-09 · CVE-2017-6678

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software versions 19.2 through 21.0

Description

The issue is related to insufficient handling of user-supplied data in the ingress UDP packet processing functionality. An unauthenticated, remote attacker can cause a denial of service (DoS) condition by sending crafted UDP packets to the distributed instance (DI) network addresses of both control function (CF) instances on an affected system. This can lead to an unhandled error condition, causing the CF instances to reload, which in turn causes the entire VPC to reload, resulting in the disconnection of all subscribers. The vulnerability can be exploited via IPv4 traffic only.

Recommendations

For Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software versions 19.2 through 21.0, update to a fixed version to resolve the issue. As a temporary workaround, consider restricting access to the affected system's DI network addresses to minimize the risk of exploitation. Avoid sending crafted UDP packets to the affected system until the issue is resolved.

Fix

Weakness Enumeration

Improper Handling of Exceptional Conditions

Related Identifiers

CVE-2017-6678

Affected Products

Cisco Virtualized Packet Core-Distributed Instance (Vpc-Di)