Nacionalni CERT

Cisco IOS Software Vulnerability

<p>Cisco Security Advisory: Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities<br /><br />Advisory ID: cisco-sa-20170419-energywise<br /><br />Revision: 1.0<br /><br />For Public Release: 2017 April 19 16:00 GMT<br /><br />Last Updated: 2017 April 19 16:00 GMT<br /><br />CVE ID(s): CVE-2017-3860, CVE-2017-3861, CVE-2017-3862, CVE-2017-3863<br /><br />CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H<br /><br />+---------------------------------------------------------------------<br /><br />Summary<br />=======<br />Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition.<br /><br />These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition.<br /><br />Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.<br /><br />This advisory is available at the following link:<br />https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...</p>
A vulnerability has been discovered in the EnergyWise module of Cisco IOS and IOS XE software. The vulnerability is caused by improper parsing of specially crafted EnergyWise IPv4 packets and allows a remote, unauthenticated attacker to cause a DoS condition. Updating with the released patches is advised.