Executive Summary
Summary | |
---|---|
Title | Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20170322-l2tp | First vendor Publication | 2017-03-22 |
Vendor | Cisco | Last vendor Modification | 2017-03-22 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-l2tp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-l2tp"] This advisory is part of the March 22, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes five Cisco Security Advisories that describe five vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: March 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-60851"]. BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJY0qKqZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmEgxAAshBFiyt/hGUC3/it JEYnR1a1Rspaba1kBbMQCgrfPK4hMaZwAykJzkaTSQMSo78SQ3+ddb4tVDk0bSk6 8+WEKFApGC8K6iZkIrUMl2rCX+0A3km42j/IN6bUysuzj+wmj5CQauEgQ8+mgzBn DP5IUyKKaITH83/I2Esin1tsEMcwxVpOUnrjYQVrD4TRLIxp75GsLrF1LnLjPaXk PfU8IEk4OlU/CSePErbYo6Kp3C3spzmIOy6znkikHhlRAhzNcBLTuccY/ZmeFARK JdaWelXdf94GCWBb1iEi3vON/L/ISgDcR5NfOJ43ocot2oGriEq0+qXpabuWQJxI gGZpeITgPPZ8YaY+KK/yymNuag3/lwYn39cgiy7yqVlz54U8dz3Hp9KrB2o3/8+n HwyiRBCnZ81iXiy+2oZnosjOpKBnnlnkKhu9l8exxzqpUjRW2aagRzFqIhu7ZTsX V/BRMaqlBw1thXZlJGUxIomwocXb8f4OrCLh4G57h6749lPeDb/qH4GMriWLO1g4 byCaaHuJ9qpkUYnOcpYaPjre2moC+sHaZZeEP13A9dgHBD3Ue21eiSiSRgnvRd5e 624gJhBHRixDs6n3/ePHJ+jjDYhtBOMjIT7gKueeMocKosLqOrjMUwTPaOajCnoy lx3ZL8eV6WFSukbbuVDiimYbaM0= =LLYg END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2017-03-23 | Cisco IOS L2TP invalid message digest AVP denial of service attempt RuleID : 42070 - Revision : 1 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-03-28 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20170322-l2tp-ios.nasl - Type : ACT_GATHER_INFO |
2017-03-28 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20170322-l2tp-iosxe.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2017-03-30 21:24:44 |
|
2017-03-29 13:24:22 |
|
2017-03-23 00:25:04 |
|
2017-03-22 21:22:54 |
|