PT-2017-17207 · Cisco · Cisco Remote Expert Manager

Published: 2017-05-22 · Updated: 2019-10-09 · CVE-2017-6641

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Remote Expert Manager Software version 11.0.0

Description

A vulnerability in the TCP connection handling functionality could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service (DoS) condition on an affected system. The issue is due to a lack of rate-limiting functionality in the TCP Listen application. An attacker could exploit this by sending a crafted TCP traffic stream, such as a stream with the TCP FIN bit set in all packets, to flood an affected device. A successful exploit could cause certain TCP listening ports to stop accepting incoming connections for a period or until the device is restarted, resulting in a DoS condition. System resources like CPU and memory could also be exhausted during the attack.

Recommendations

For Cisco Remote Expert Manager Software version 11.0.0, there is currently no information about a newer version that contains a fix for this vulnerability.
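
Because no fixed version is listed, monitoring in front of the device is the practical control. The following is an added detection example, not code from Cisco or from this advisory: it flags sources that send FIN-flagged segments belonging to no observed handshake at a high rate, which is the traffic pattern the description names. The record layout, the 1-second window and the threshold of 100 are assumptions to tune per environment.

```python
from collections import defaultdict, deque

# Constructed sample records, not captured traffic:
# (time in ms, source IP, source port, destination port, TCP flags).
# Addresses come from the documentation ranges.
SAMPLE = (
    # One ordinary client: handshake, then a normal FIN/ACK teardown.
    [(0, "192.0.2.10", 40000, 443, "S"), (100, "192.0.2.10", 40000, 443, "A"),
     (2000, "192.0.2.10", 40000, 443, "FA")]
    # One source sending 300 bare FIN segments, 10 ms apart, with no handshakes.
    + [(1000 + i * 10, "198.51.100.7", 50000 + i, 443, "F") for i in range(300)]
)

def find_fin_floods(packets, window_ms=1000, threshold=100):
    """Return {(src, dport): peak count} for sources whose FIN segments that
    match no observed SYN exceed `threshold` within `window_ms`."""
    seen_syn = set()             # flows (src, sport, dport) opened with a SYN
    recent = defaultdict(deque)  # (src, dport) -> timestamps of orphan FINs
    peaks = {}
    for ts, src, sport, dport, flags in sorted(packets):
        flow = (src, sport, dport)
        if "S" in flags:
            seen_syn.add(flow)
            continue
        if "F" not in flags or flow in seen_syn:
            continue             # not a FIN, or teardown of a tracked connection
        key = (src, dport)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window_ms:   # slide the window forward
            q.popleft()
        if len(q) > threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

if __name__ == "__main__":
    for (src, dport), peak in find_fin_floods(SAMPLE).items():
        print(f"possible FIN flood: {src} -> port {dport}, peak {peak} per window")
```

The same counting rule can be applied to flow or firewall logs, provided they record TCP flags per packet or per flow.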

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2017-6641

Affected Products

Cisco Remote Expert Manager