Executive Summary

Summary
Title Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
Informations
Name cisco-sa-20160525-ipv6 First vendor Publication 2016-05-25
Vendor Cisco Last vendor Modification 2016-05-25
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the IP Version 6 (IPv6) packet processing functions of Cisco IOS XR Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to stop processing IPv6 traffic, leading to a denial of service (DoS) condition on the device.

The vulnerability is due to insufficient processing logic for crafted IPv6 packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 Neighbor Discovery packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to stop processing IPv6 traffic, leading to a DoS condition on the device.

Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBV0XLn689gD3EAJB5AQKJKxAAnJ91wZ0Ag79YXUfK9+5K/Vw25Z+FSOhe cElgkCsqW7DWhD/C1kkikheTBu7a56vvwTJFYNpO9ikYcY++g7WhrNW1ZMhlGz/C rQD2QD6RTSTdnWswco9CWqArtAXWEXOfgZsrrcJWNVi3klEuNKOaGMmQP+6Indgr Vdx7YD00XHlXN4c6ym28Ax7WP0RSFiEGvrHcniN2moH71nbQrOgNuOK1Bdzg3DiK Lz3LSqvastJ5HSkDYoDBuEe9GKLQPnlAo6wovsiH0hu+mD+BlMHlyI8R2Pdt3Wlv 8hqgkg825yeWdYQbrUq8ypG3ZKwoGqMW4skgzBGYUkYUqYw/ZChxtYR499tPUp43 e7dgpfMtU7kNJoPpGFuJFozCstqcM/+YAywyC6YywEhPJS7ns5NTQvybKjY6C32O Df4HZVbB45R/RZkmOBaVVlFq2fZ0DLRczAbmUm8is1E65UfQADSl8Pllraymfk4D GmK/llGmv2QOekmpF/+m86RxbBrJgf24JrbrOzORAofz4MGnAOH4TmkMd0nQj/HI 1YYyIP098gXVX/tQtSRYjgbsg3EjhRzVEsQ5w3DTTvpv2+A0d5XlfZWJ0RKC0IZ +nC6qPcS/Smc/gAj2VOH1EaayspAFVuLkYL+wk45HXT9YqX9ifjBypco+26664+Ap mFegCw21dbc= =66eS END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Os