Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-6227 |
CWE-ID | CWE-400 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software | FOS Firmware (Hardware solutions / Firmware) |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU10448
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6227
CWE-ID: CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The weakness exists due to improper handling of Router Advertisement messages. An adjacent attacker can send specially crafted RA messages, consume excessive amounts of CPU resources and cause the system to hang.
Install the update from the vendor's website.
Vulnerable software versions
FOS Firmware: before 7.4.2b
External links
http://www.ibm.com/support/pages/node/650699
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.