Executive Summary
Summary | |
---|---|
Title | Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180328-igmp | First vendor Publication | 2018-03-28 |
Vendor | Cisco | Last vendor Modification | 2018-03-28 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.1 | Attack Range | Adjacent network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 6.5 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp"] This advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682"]. BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJau71CXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczmKQP/RLPw1f8PzJuzaldMst4Ct2mSvYZ bBhgdeXgQi0esMs/zTWSoW+ZayUscPZkDLLmw1P2yfdzPPq7c3ZXkb8+FiC1k9b9 bFMLm5ud17pUAADwt+dY3fWEJPhMbXp6PobrgFTDtsf0rboWbVMOK/Wtg5WL073H L+aBeB+aJ26YAZcgdB80uzdwn9bZk9/1evIiCRu/nxbQ6GFHmB0KlDnRoP0YMaRH /p8Jq9aJaqeEfrCy6UwHC3yA3SfygKgfvoK70uoLzba6pqYx3ZAAJ1SO9Tv7GM4m JvkhJ4AhhQuCklC+HrZnzw9R7VCreF0GFY0+DhPb0XWzKi5Z8C11YhmX+O3tc8pS AkDvKK8rTPfHiUureDI4TpsZ26GQvxMsjYa4JPQbPH6YlKRSkNNmMhduyfBVQT/ +jFMmQdeeoifCMdh+5jlyAOE3int7/KKl/rejL4sZITHKtzxiBwGnBNn2bkmO7geF W9Yqcjr9DRCkpdUWFW0XbMEk/4b6od96I2I07YIyL/fXj2yOev6vQrV8pE+h1IYW kSLNtTAI9SIR/z/HvMuLfem2JwkpGceEXXYGvQ/MXfEcXjlSddhbeMy2VoCT3g3i R+2u1Zx6IM6MaFQlboGq4zYQtD4xmRdLJp4Fjkf/+8bY6QjIOVSZn9g6iexPmLyS E79+BSvuiY3bcSTR =b1K0 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-772 | Missing Release of Resource after Effective Lifetime |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Cisco IOS XE IGMP denial of service attempt RuleID : 46128 - Revision : 1 - Type : SERVER-OTHER |
2020-12-05 | Cisco IOS XE IGMP denial of service attempt RuleID : 46127 - Revision : 1 - Type : SERVER-OTHER |
2020-12-05 | Cisco IOS XE IGMP denial of service attempt RuleID : 46126 - Revision : 1 - Type : SERVER-OTHER |
Alert History
Date | Informations |
---|---|
2020-12-05 21:23:46 |
|
2018-04-24 00:21:09 |
|
2018-03-29 05:20:09 |
|
2018-03-28 21:19:01 |
|