Executive Summary
Summary | |
---|---|
Title | Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products |
Informations | |||
---|---|---|---|
Name | cisco-sa-20160721-asn1c | First vendor Publication | 2016-07-21 |
Vendor | Cisco | Last vendor Modification | 2016-07-21 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco Virtualized Packet Core (VPC) systems. The vulnerability could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. The vulnerability is due to unsafe code generation by the ASN1C compiler when creating ASN.1 translation functions that are subsequently included within affected Cisco products. An attacker could exploit this vulnerability by submitting a malicious Abstract Syntax Notation One (ASN.1) encoded message designed to trigger the issue to an affected function. US-CERT has released Vulnerability Note VU#790839 to document the issue. Cisco will release software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160721-asn1c BEGIN PGP SIGNATURE Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJXkR+jAAoJEK89gD3EAJB5pDMQAOb/g5NPySkVBdpzDwjBFI58 u3tDBTRzvAVjleEW93WjHrEDtsq3exaUv9L2hdbwZrMvFFVqB1IVshfO9BMLDg7d An4jxh7uMRsGH7IGI95s032/8zD0RPqUeZ/eqh5kqV9r43N6UCSWIEsnXGGMnbZP KULIIzJYclG3f9q79wQ/kdTBc2KGHcTAAIaQogczXhUGEdFl7je/zQUrG91FB90O I5E8DvDe8UJYOWdGHQ64Er/LL+lfhmEyvBqKcWHo1eSYGLGn/5yVQPMFoMpwEcAi 9PeM1nCWEjc0kw/IyKTK3k54PbBwGjtwSTK659F6DsX6zqFcXPorcLtVQv+AyQ5o 6JeuQiBx6ab+qdrpruKB4AWXvvI1uE0TtYtH+pv8xyH30Z5r/aeb/Rum8zgehc/j 3G8Gr58gghMt34Hxt+nfropRiGRMl+8Saj8rpfdsLWgIO711vB3RCz7sOEggAvzp Th7KCga9G7uZNnmWy/NYm5MGk+h+bj1Nue5p8ZgPMqVwkRC9yQt5gzHWMlKSni6m HVyh41wicmoTrd44dOWr5pDXKvbQ7P/Me3ZcJxwZr/A57qHOdPNc0lwtzniIb1O8 rbAqG7gOWe9M78A8A8Bo3PV2e0XdeaCz4L8lzmR3Nnq8j5LORZjB6qKhR7oBtTpU 1s0pX/1fYtuQFO0uK5ah =S9PG END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
Alert History
Date | Informations |
---|---|
2016-11-29 00:28:08 |
|
2016-07-22 13:36:14 |
|