Executive Summary
Summary | |
---|---|
Title | Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20160810-iosxr | First vendor Publication | 2016-08-10 |
Vendor | Cisco | Last vendor Modification | 2016-08-10 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plane protocols and lead to a denial of service condition (DoS) on a targeted system. The vulnerability is due to improper handling of crafted, fragmented packets that are directed to an affected device. An attacker could exploit this vulnerability by sending crafted, fragmented packets to an affected device for processing and reassembly. A successful exploit could allow the attacker to cause a memory leak on the RP of the device, which could cause the device to drop all control-plane protocols and eventually lead to a DoS condition on the targeted system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. However, there are mitigations for this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-iosxr BEGIN PGP SIGNATURE Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXq0sPAAoJEK89gD3EAJB5liEP/Rv+55HMKOM4QC32IbekVhxI Nc4STIpJo6t9aKJWCBdR7swlZdl/ofoShSsPQFgfW8Vjm/NoOIqpXPf6O3P0dlY3 tWgA2jyvYyV1rlpxAir398i/pTCF4e/7DhI+67ZNy8QsP4Qr2BR3XMzZSW3bn9ol LJL2FxveLkz2V01QjrM6HgstmpxUGmrbQvd2dxXexOVXZObdvHm+nHeGHGXCS77c Ercxh4uFwrenWe+h9oSr5y+txo8YZzogCfQNQjOuuF+8/4FYr5v40OjulBYNb4sp 7M8JRxmfI4ost/uVbODtyPvp7LBR1AmXt4z/anuq4iWrKSOT5XbiQF83TpCpeR86 IE/hWSCony2cz2Ku9yw0bc38Z28t1PR5zrm/ARU/BWyldJBTn1ww71IU295/FwJt b5Bfxt2HwJgwkRaGQJa0hKt9nfs8sEzi12DtCdHUO1r9VqsXedTNqRLgUPtTrTNA lQ4j5UVGvplzfn2ArrndRkbtDotRssvb0IyQ1YlgVo4u2Wl5WllvUgVOzb5lQIcn DNvcj4WU/SL+09JLsOcwzPqyt7Mf7TqAuz0aK4cONTCcff5jgAC2K++cAk8KpZBl MM3v4bgWMn/3SjyjjwmhF9pA8jxYCcfrWSXuh0MXnf5q+U82G6mpqmTrzegaAHON XAvWYG9thoADLmFBWIwd =hP4Y END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-08-19 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20160810-iosxr.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-08-23 17:26:01 |
|
2016-08-23 09:26:24 |
|
2016-08-20 13:26:23 |
|
2016-08-10 21:23:48 |
|