Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System |
Informations | |||
---|---|---|---|
Name | cisco-sa-20140924-mdns | First vendor Publication | 2014-09-24 |
Vendor | Cisco | Last vendor Modification | 2014-09-24 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Cisco IOS Software implementation of the multicast Domain Name System (mDNS) feature contains the following vulnerabilities when processing mDNS packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition: Cisco IOS Software mDNS Gateway Memory Leak Vulnerability Cisco IOS Software mDNS Gateway Denial of Service Vulnerability Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns Note: The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJUIZNeAAoJEIpI1I6i1Mx3euMP/0ptD3acwXkieo5NTQEYXU2L cMlnxkTZnXzzjkGAcy0eJKhHAh9JI0FU5DcEVmMbTd7qXnm2sixFYR27dxMCJBaG Quj5RgGGz2KUFNGO87+JX8zw8yBKyknN8eO7njBb6c99UHAv/GVZAjnwcDEbRM3L G7/C7S7ZVkk8w63U46CsVV5eaGj2RQnbZx3jYNhPKjZnCc/MQSM87nnTuR8RjkCm wlrReK6BjxtJ13R3o2NmWzSJWSsc8N81pvIooJdaBCqlGZ4e/j06Z5+S5CF3DGiJ xJvEdKGdvLRo14hUtQLJ8Vx8bJMkHBdr7Bernmca/8AIeXEMdc61ZGs8bS72Magh JbiJIT7B3jQXdjzQpQ/mHKNoghkI302g3H6egrtsCBWr+lepEIfmHLf4h0LueqWh pVQPqXWAGg+5AR1ABvP+mwtQuz/psboXpacMM8keZ2a/6uS82tf3lTXR/8zBd+Om sGbhBYIkO67Cp/Zn2CNY1v9Pg8f4tNAkATazg2Mvt4QfOlRUFRYBdyV2LZLSDCJ4 9/Pw8s7pLMMFpt90pBzIBUY+FsiGkWoHduMO7/O93Zw4Y2n2vnRYFkyuFQFphBuO M2Yb20vqO9tsELTt0MDmdfXf40HhhAUF6zbw6fWa4SCV4CwZn6h8eAZttsqQQqxl cdgZjAsAV5dsoejxk0LC =7Kkh END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 4 | |
Os | 6 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-03-27 | Cisco IOS mDNS denial of service attempt RuleID : 33929 - Revision : 2 - Type : SERVER-OTHER |
2015-03-27 | Cisco IOS mDNS denial of service attempt RuleID : 33928 - Revision : 2 - Type : SERVER-OTHER |
2014-11-16 | Cisco IOS mDNS malformed rrlength denial of service attempt RuleID : 31984 - Revision : 2 - Type : OS-OTHER |
2014-11-16 | Cisco IOS mdns memory leak RuleID : 31982 - Revision : 1 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-10-02 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20140924-mdns-iosxe.nasl - Type : ACT_GATHER_INFO |
2014-10-02 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20140924-mdns.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-03-27 21:26:26 |
|
2014-11-16 21:24:15 |
|
2014-10-03 13:27:15 |
|
2014-09-25 21:29:46 |
|
2014-09-24 21:23:04 |
|