Executive Summary
Summary | |
---|---|
Title | Cisco IOS XE Software and Cisco ASA 5500-X Series Adaptive Security Appliance IPsec Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180926-ipsec | First vendor Publication | 2018-09-26 |
Vendor | Cisco | Last vendor Modification | 2018-09-26 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipsec ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipsec"] This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-69981"]. BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJbq67uXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfcz/XQP/isMlb9FU8tSIC0VCDBlUkmkrCEG gMOPfu4spZtLzJH17B8O1ZaQCGD0dJtjTvr7RwDgVTFL9kXKJ/Wfik5LyHXuxAqq NHYYakPtA1JBOS3Mko5Rb5Vf26tBNf/bDIEq/jl/G7BICoYdwZPbINBYi49HjDtE Nga8ROS+5IxUYqC4NXuADCfHqh5OIBdSV4LvGkGfxvWWpUcsACt9Khb8Ffc6jYud RLJwmjxdUxt2qafX8WJ0qB/EYmxgIKqQr38TNUEjIU8t1FvrPmwI7FxQ2y7GBKrf 35sUV9qqMUZSXxdtpyF3HF/X2t+yOqjsKS8kPNXSz49kel23khcFBK+dDhMaypSD xOdsxPfJZ8WG4gvczWZcQ+VDMPVRkmZidmxOLgcaJc8fMJqIzwl6ju5uvI6puY97 rBub1VHqISfldIaS+XlOOBnOtTyiToD2G8+piOyPhe0eYh7Vw04ABAnoYFNrOjCB Nr29Hn5X6QRX94dEr/LKRxhzVQFJPcbq9nIJFvq5JrCmAOg4IpU87WWplurrQVg6 D+C8TY8tQXq0NPlW5zX/w8BwVkgEJx2lSudjek9FJtQJcv6hliY2mlFSGqhiyAgt DCT9Eyx51J1wp3phCUbUs8GFggZ3yXG851EMC4Q64juPeli3r8TjDU479OGi2cVN x01YMBcZJ8PVjuP +=eAvT END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-10-05 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20180926-ipsec-iosxe.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2018-12-31 17:21:13 |
|
2018-10-05 21:21:50 |
|
2018-09-26 21:19:15 |
|