Executive Summary
Summary | |
---|---|
Title | Cisco IOS XR Software UDP Broadcast Forwarding Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180418-iosxr | First vendor Publication | 2018-04-18 |
Vendor | Cisco | Last vendor Modification | 2018-04-18 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.1 | Attack Range | Adjacent network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 6.5 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IPv4 helper address. An attacker could exploit this vulnerability by sending multiple UDP broadcast packets to the affected device. An exploit could allow the attacker to cause a buffer leak on the affected device, eventually resulting in a DoS condition requiring manual intervention to recover. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iosxr ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iosxr"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJa128LXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczfOwQAJaeFIxYv8PpY6fjaoIXDOz+pRNB FHz6I+zzJwSaSH7S1mb6yfOa+KJw55J3XcYw9ek72TWWVngshPlv5TOBQl++A3DO CZHL646gNvNfkpPGmqApD23xTY7v/STqdd1HOPXW8LMKyBxnTL+Ee/LXqHuVM8vC mcTLn/8TzoLmYovVwKL8AXSne+ggiWCnPAOzb8jSNNjMtzytB4pkoujDUGcEQk3S WQxL2SrRkhLFd1Fs233H6G7WvI6iArKePNbp4Oi1beyN8Pmm4K9UzPSyePeJkyBE E59rZi/eXuwVqjAigQVHRf+JHXYTo2zZIuEWxACubQpYBQi4l7XtgcFkml1xt5ag Awbmqwp1d9+K63ezWovKPra4FOV5KUmGgCe+3ZBpNFwtWDrOjugMxWHs6LkRC/Q0 /fbwMxXfY1MBor+jvOTAiM24xODZ3qLWIJzlW+pyl7s1JUNy7mrXr7M07V5qsU5a TCdv5z37VpfyvluYC1PuEJSghefc1Hyr1VYUWWCD42gE+wgNzFEmImz9cf5CzyjP /yIp1Sl8DIo/ewlsHYK8v0LphOZPElHx3pzYlnBriFSYktWN//K9lqK7lyiTQrio VGz+KL4rkvtLSluqzgZOk9+1kmQR23h1ne5iMtboB0Y5hdQh/HSdzs6dwvIrIUsY XNz2+zivP30UkNsg =kB68 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-04-27 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20180418-iosxr.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2018-05-24 21:21:51 |
|
2018-04-20 00:21:17 |
|
2018-04-18 21:18:37 |
|