Executive Summary
Summary | |
---|---|
Title | Cisco IOS Software RSVP Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20140924-rsvp | First vendor Publication | 2014-09-24 |
Vendor | Cisco | Last vendor Modification | 2014-09-24 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker cause the device to reload. This vulnerability could be exploited repeatedly to cause an extended denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp Note: The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJUIZNfAAoJEIpI1I6i1Mx3qoIP/RnDEwuhG4SEtyEAycEOpJoX cDsmK8C0xRKYkoUeSlmkO1TXzRk42RMnd6aoYAxojgqsYnVt10ZKibSLzCxZxWnX MMKhMPSrUSvWvPNgLDYyOJ4R4B6IOwYwS6wNCABtiwes/rET+p+d0gw4rZ4SLujF hSrWcxE8Fax5zU7Z++ZifOhcg/C7gGvIbsuStf01S6/oZHPx8PXnVj9J4eI0Yxz9 JRhkJQv8FlfJYzZnxbi545YH1fUt+e5FzTTlPOaYayYqi0E/NvrPW64s8QKLURE7 M01EzxIsyItwxIYAXy5pcUHnyAd/bZ21CmEiHvOq4GZVXoZpkkF0pCceos+mC987 4mPYVe+PwNrPJwb0qdG6MKDiXmO+txVFLazNF2JJaGeFYjeN+If57mJSttznVLiE ZPCkdLmr/Y2uDbtwoDdFI6TbrIsFceawIEKLn5lIPQrtt+JiwkWkxKSLMsB6wm0l nmogpIL43jgnozrYRTMizA+hu/mHgg88mOWD/AAFA5O6K+YQIEYYtYjy4Bundrq7 2Rr6uJNUN9fD3amT3ZqP6DE7ETlAkC29sFy0IuXkudpXc+YrcVAkhwrlMekoeepL t6cWl+o8dTaexJe7h4neuADwCPrT15wNBiasHP0Uw/BAUnbPM2aOjL8WZDb1BHvT 5AkSuOMpsSZakqt0vik +=kL1E END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2014-11-16 | Cisco IOS RSVP Path message with no session attribute denial of service attempt RuleID : 31980 - Revision : 1 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-10-02 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20140924-rsvp-iosxe.nasl - Type : ACT_GATHER_INFO |
2014-10-02 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20140924-rsvp.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-11-16 21:24:15 |
|
2014-10-03 13:27:15 |
|
2014-09-25 21:29:47 |
|
2014-09-24 21:23:02 |
|