When configuration synchronization (ConfigSync) is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypt and authenticate connections to mcpd. (CVE-2017-6161)
Impact
This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack by way of resource exhaustion.