Executive Summary
Summary | |
---|---|
Title | Cisco Prime Access Registrar Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180905-cpar-dos | First vendor Publication | 2018-09-05 |
Vendor | Cisco | Last vendor Modification | 2018-09-05 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. The vulnerability is due to incorrect handling of incoming TCP SYN packets to specific listening ports. The improper handling of the TCP SYN packets could cause a system file description to be allocated and not freed. An attacker could exploit this vulnerability by sending a crafted stream of TCP SYN packets to the application. A successful exploit could allow the attacker to cause the application to eventually restart if a file description cannot be obtained. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cpar-dos ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cpar-dos"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJbkAC8XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczeeQP/0nsna7jDa2AOf17DeQrHwdGC9Xp h9mnbjmXdRI1TMrx8hW0vml0SX4q6jRJPzAncg21zf9zeAcLONNA8gRV7aXzImXj Gd62/+Kxp4gj1I0P5hKZfw52fdxKEu/B02yba2xezrxrhQOKIR542Jx4QEriTpSz 1Jy7zBDGJBg1XSgPQQxBI2QRPGWdLBdONmhxNziCufG9Ehh3wwVOmf0a018oDwc +C8UAdKhaQ6IpDbxh+I5k6vWIoJaK35aYIBghwKftb8XAoGli3gsR4YpWPr3qZGdC 0Ty2ajVcPiheXR6FTUGLYUPMcLRlyGd/X1FISyOUiBznAqGnLdPGC50vru7cYzYU 14TWS+hKhG+medq97i2IAiQuyfFRXKHtBmnWTGAksGd4F0hUNTSfm5M5Gt9ZKuNa c9QfZikbbcLv1vCWZ90kBotYD4Q65zaK3JidX3qzCsVfT7487P7GbuObhjvemhJl BLAesvjibFDK/XXz/M4KvYORAxCP0sCxrX9ztR+qpVtsa0KTBC0PbEGYeDYdo3Q4 uOQ7AtegfXlW62heljoNucA6jX39Un0SmeGrWlV9wRT+GiwjPQlFCMmacmswItvR vJBC1LZQeu2aXbhVr9gtIQh6PvxV9krCrOXdj8Rq5b1EXIoXSRXYWWm4l8C9hNsM 8M4UlyRYR6sGiXGn =pHpL END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-772 | Missing Release of Resource after Effective Lifetime |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
Alert History
Date | Informations |
---|---|
2019-01-04 17:22:09 |
|
2018-10-05 21:21:50 |
|
2018-09-05 21:19:39 |
|