How severe is CVE-2017-3793?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4 out of 10.

What type of vulnerability is CVE-2017-3793?

This is classified as CWE-399, which is a common weakness in software security.

CVE-2017-3793

MEDIUM Year: 2017

CVSS v3 Score

4.0

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-399

View all →

Vulnerability Description

A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition. The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this vulnerability by sending a large number of unique permitted TCP connections with out-of-order segments. An exploit could allow the attacker to exhaust available blocks in the global out-of-order TCP queue, causing the dropping of any further incoming traffic on all interfaces and resulting in a DoS condition. Cisco Bug IDs: CSCvb46321.

CVE-2015-5001

MEDIUM

CVSS:4.3(Medium)

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a d...

CWE-3992015

CVE-2016-8784

MEDIUM

CVSS:4.3(Medium)

Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LD...

CWE-3992016

CVE-2016-9220

MEDIUM

CVSS:4.3(Medium)

A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the con...

CWE-3992016

CVE-2016-9221

MEDIUM

CVSS:4.3(Medium)

A Denial of Service Vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacke...

CWE-3992016

CVE-2017-12287

MEDIUM

CVSS:4.3(Medium)

A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, re...

CWE-3992017

CVE-2017-12360

MEDIUM

CVSS:4.3(Medium)

A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vuln...

CWE-3992017

CVE-2017-3793

Vulnerability Description

Related Vulnerabilities

CVE-2015-5001

CVE-2016-8784

CVE-2016-9220

CVE-2016-9221

CVE-2017-12287

CVE-2017-12360