Executive Summary

Summary
Title Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products
Informations
Name cisco-sa-20160721-asn1c First vendor Publication 2016-07-21
Vendor Cisco Last vendor Modification 2016-07-21
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco Virtualized Packet Core (VPC) systems. The vulnerability could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or potentially execute arbitrary code.

The vulnerability is due to unsafe code generation by the ASN1C compiler when creating ASN.1 translation functions that are subsequently included within affected Cisco products. An attacker could exploit this vulnerability by submitting a malicious Abstract Syntax Notation One (ASN.1) encoded message designed to trigger the issue to an affected function.

US-CERT has released Vulnerability Note VU#790839 to document the issue.

Cisco will release software updates that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160721-asn1c

BEGIN PGP SIGNATURE Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJXkR+jAAoJEK89gD3EAJB5pDMQAOb/g5NPySkVBdpzDwjBFI58 u3tDBTRzvAVjleEW93WjHrEDtsq3exaUv9L2hdbwZrMvFFVqB1IVshfO9BMLDg7d An4jxh7uMRsGH7IGI95s032/8zD0RPqUeZ/eqh5kqV9r43N6UCSWIEsnXGGMnbZP KULIIzJYclG3f9q79wQ/kdTBc2KGHcTAAIaQogczXhUGEdFl7je/zQUrG91FB90O I5E8DvDe8UJYOWdGHQ64Er/LL+lfhmEyvBqKcWHo1eSYGLGn/5yVQPMFoMpwEcAi 9PeM1nCWEjc0kw/IyKTK3k54PbBwGjtwSTK659F6DsX6zqFcXPorcLtVQv+AyQ5o 6JeuQiBx6ab+qdrpruKB4AWXvvI1uE0TtYtH+pv8xyH30Z5r/aeb/Rum8zgehc/j 3G8Gr58gghMt34Hxt+nfropRiGRMl+8Saj8rpfdsLWgIO711vB3RCz7sOEggAvzp Th7KCga9G7uZNnmWy/NYm5MGk+h+bj1Nue5p8ZgPMqVwkRC9yQt5gzHWMlKSni6m HVyh41wicmoTrd44dOWr5pDXKvbQ7P/Me3ZcJxwZr/A57qHOdPNc0lwtzniIb1O8 rbAqG7gOWe9M78A8A8Bo3PV2e0XdeaCz4L8lzmR3Nnq8j5LORZjB6qKhR7oBtTpU 1s0pX/1fYtuQFO0uK5ah =S9PG END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2016-11-29 00:28:08
  • Multiple Updates
2016-07-22 13:36:14
  • First insertion