7.8 - cisco-sa-20160323-l4f

A vulnerability in the Wide Area Application Services (WAAS) Express feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to insufficient validation of TCP segments. An attacker could exploit this vulnerability by routing a crafted TCP segment through an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a denial of service (DoS) condition.

To exploit this vulnerability, the attacker needs to route a crafted TCP segment through an egress interface of a device because the vulnerable function is an output feature of the software. In addition, the WAAS Express feature must be enabled on the interface, typically a WAN interface. In most deployments, this means crafted traffic must be initiated from within a device to exploit the vulnerability.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f

This advisory is part of the March 23, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of advisories and links to them, see Cisco Event Response: http://www.cisco.com/c/en/us/about/security-center/event-response/cisco-erp-march-2016.html

BEGIN PGP SIGNATURE Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJW8DU6AAoJEK89gD3EAJB5gd8QAKIvLg7vwXD/HuiRHNVVG69u rvYEQjI1/fBYFUOba4oX31JcMvgSo1+SLDnpXGLrhnbE0+tZXUcDatTGARsaUYMs 4sC57yPf8gQe7kCujGf1Pkc18nF3qoVNKVwsMIpvBKLWACEg5QCRdHRWu/wJ5XhW q/PkwC5O16gtNC7CaQ6RKO2tnRJhvknJ6xsOii9YA7djSVVZw5Tzqnpvi6E5ztn2 OTFKqRq42h0WS7i2FPEcJlZVrGclrh2dRczlSFjzhK+VeRgLAYEp1brGUwc02KkJ n9QWn/B1tlfm1Rft2mGFyggpgVvGQkCtsRZIII8ZoFOHwXegdFF7/U62upj8u6zf T1JrtnAdSCGkRdVjLXH+VKdG0+Jgi9xqXrjP7XC2xsUxhXl4WO1gzKPFD1w8zrcA 68E6aN/jFIJbXDEMTZRRKnoPCt2cIS90aPfukDNA/6xXx1j80+NxWNEPLE7MSgpy woj5zr/1wEsb3ndjXkEQpxLQVeRr3nybrRpPEYVnmwRpZRq4AsZDYemv0i2i9frq R3CB4vMmdah2A+jZXImMIfYt4HHLcndbYgCd7+CtfXdnLZugoKaIG65HYuRfImyJ ND+ERscodpJo99ojNETIpwtraJ4VvDkqC7Mv2cuWBVJG3tD0LOmSJs+HWOQuxtxC XDxVegi2KshtmhYIImHY =UTvK END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com