Executive Summary
Summary | |
---|---|
Title | Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities |
Informations | |||
---|---|---|---|
Name | cisco-sa-20160928-msdp | First vendor Publication | 2016-09-28 |
Vendor | Cisco | Last vendor Modification | 2016-09-28 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM). The first vulnerability (Cisco bug ID CSCud36767) is due to insufficient checking of MSDP Source-Active (SA) messages received from a configured MSDP peer. An attacker who can send traffic to the IPv4 address of a device could exploit this vulnerability by sending a packet designed to trigger the issue to the affected device. A successful exploit could cause the affected device to restart. The second vulnerability (Cisco bug ID CSCuy16399) is due to insufficient checking of packets encapsulated in a PIM register message. An attacker who can send a malformed IPv6 PIM register packet to a PIM rendezvous point (RP) could exploit the vulnerability. A successful exploit could cause the affected device to restart. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. BEGIN PGP SIGNATURE Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJX6vstAAoJEK89gD3EAJB561YQAJOjzfSJejNp1gjlewhIWplx q16B1gGQVWYLquXpaVrvVvelMZ7pk3JD0zrH2MVh1s/TUNEqtm7oJutt+KWAqoNU Z7m0+uo/wE8S8AOmZXR1tu9KY+z8sFQp7Te1UetXA+S1F6pz0vy9OhkuwTcZNj/M SEr30EodtSLpQMC/MktE5gnTB8Bw6hSNYdDg9Q9gLpL9tc8466rSCJ0iM0L+wEYD 7eno/yufeV6KpuabR1tCSVgvEdU/Z5SSWspbaRQbFdgnQyN+Kux7sZ5b4rkhGd0G SW0GjTkD03ITVlwoiVhIdI0VwA6A8MVgfKRTEqWeNGvwQOOrPUsI5t1u/OW2quqe oCihEzcVIthTpz1GiKoetpC3mtzxvn3kPRrCNZ4ah4AygUSMGvq4hmwxFvX81i9s iFecwbSszNLHeEFhyOt8yaPiYpB5w4wmSYGztr4KVWs4pPWKVgrMhpqwqDd4nzmI 5g4sh/AJdQysHznUe5DAFCfPDulJkylZN4MgVQ+pd1RYWvrjTrg5EeRfVhAryiWh F5mTAGLuESO8QIsk/Vyk2bDcw/sfBcwcbGY6yb+7a7E7KMCllqLzJhI+XncbEyxk xaJYIbWbofJ46hWqGTz6RHDMjeWUdojruymZmvR+a20cHHT+qCAA5Air7JTlatr9 Oj07cuVQbR2OI4RUrH+p =fO6P END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-10-07 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20160928-msdp-iosxe.nasl - Type : ACT_GATHER_INFO |
2016-10-07 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20160928-msdp.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-10-08 13:26:19 |
|
2016-10-06 05:22:38 |
|
2016-10-05 21:24:15 |
|
2016-09-28 21:23:40 |
|