Executive Summary

Summary
Title Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability
Informations
Name cisco-sa-20150325-mdns First vendor Publication 2015-03-25
Vendor Cisco Last vendor Modification 2015-03-25
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to reload the vulnerable device.

The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending malformed IP version 4 (IPv4) or IP version 6 (IPv6) packets on UDP port 5353. An exploit could allow the attacker to cause a denial of service (DoS) condition.

Cisco has released free software updates that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns

Note: The March 25, 2015, Cisco IOS & XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS & XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html

BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJVEg3FAAoJEIpI1I6i1Mx3h30P/3gJw08jXsXrVu8KO7L3kqLR vKTMc5BYxLQPoLO3SjI2p6uNKn5iMM6oOsKSZt+mehlDZUUe1JBVricFa07bNQmh jW9mCwVrsMMfOF7NL47vJm6GtGZurhc5WlCRp0uE1PNJs6NmMyRgszTxDz1F5Tjh fq6/2SiKnZW0w+MuxZnrck9rPZ+fzjcpe7sKOUr3htAi/Z0cfhadQrEcVXFuRhn9 bSk0D71zzfXt1VazqOIZiciRJOu/cEN5Tq+NZWTUKqFPFlepjT1G/Ho3WPtQWxbp UwZyeh2InlFnc7DWuNCqW+eZ1CFDPWVNGmWcQq3oxNHkvAAvQsn7vsOgNJRr+yNi S8emKrm94iyIaD2ouOMDgof4MireHLNKNnVecsnuJqUui89zZiT6ZIXg5S8eM5sx rkkfoGjTALePenydwM7eAPjUxI4vFzGPwk1ikQrT49a8fZTJ0/p/S6X8BbybJJXK JHiBdOw88ppa7ixOHgSubHH86KKqm5tCqRI13RpTTtDXQpv4Ev0spiDGeTTKtWEA lGmZldoLHO5Tkk+HUwlUMobluwnt1kGKkAFA+wSRukArAt8i52OUziDmQ4WYBf7a CKw+f6WU9YjGxP2jpp/Xy3u9kKkHHXb8R9y009yXLg1ShZS8eiqQhh6O7O7NuiNL k43tGb1gB+D+0SPS3w/x =DuB0 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 7
Os 16

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-07-30 IAVM : 2015-A-0175 - Multiple Vulnerabilities in Cisco IOS XE
Severity : Category I - VMSKEY : V0061141

Nessus® Vulnerability Scanner

Date Description
2015-04-03 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20150325-mdns-ios.nasl - Type : ACT_GATHER_INFO
2015-04-03 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20150325-mdns-iosxe.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2015-04-04 13:27:18
  • Multiple Updates
2015-03-28 05:29:12
  • Multiple Updates
2015-03-25 21:26:36
  • First insertion