CVE-2017-6627 — Cisco IOS and IOS XE Software

Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability

Added to KEV

2022-03-03

Federal due date

2022-03-24

Vendor

Cisco

Product

IOS and IOS XE Software

EPSS

93.3th percentile (score 0.102, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Unknown

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2017-6627

CISA short description

A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and denial of service.

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.