Executive Summary

Summary
Title: Cisco Prime Access Registrar Denial of Service Vulnerability
Information
Name: cisco-sa-20180905-cpar-dos
First vendor Publication: 2018-09-05
Vendor: Cisco
Last vendor Modification: 2018-09-05
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact Sub Score : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score : 5
Cvss Impact Score : 2.9
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required

Detail

A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts.

The vulnerability is due to incorrect handling of incoming TCP SYN packets to specific listening ports. The improper handling of the TCP SYN packets could cause a system file descriptor to be allocated and not freed. An attacker could exploit this vulnerability by sending a crafted stream of TCP SYN packets to the application. A successful exploit could allow the attacker to cause the application to eventually restart if a file descriptor cannot be obtained.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cpar-dos


Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-772 Missing Release of Resource after Effective Lifetime

CPE : Common Platform Enumeration

Type Description Count
Application 1
Application 1

Alert History

Date Information
2019-01-04 17:22:09
  • Multiple Updates
2018-10-05 21:21:50
  • Multiple Updates
2018-09-05 21:19:39
  • First insertion