—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability
Advisory ID: cisco-sa-20161102-tl1
Revision: 1.0
For Public Release 2016 November 2 16:00 UTC (GMT)
+———————————————————————
Summary
=======
A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR
900 Series routers could allow an unauthenticated, remote attacker to
cause a reload of, or remotely execute code on, the affected system.
The vulnerability exists because the affected software performs
incomplete bounds checks on input data. An attacker could exploit
this vulnerability by sending a malicious request to the TL1 port,
which could cause the device to reload. An exploit could allow the
attacker to execute arbitrary code and obtain full control of the
system or cause a reload of the affected system.
Cisco has released software updates that address this vulnerability.
There are workarounds that address this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tl1
—–BEGIN PGP SIGNATURE—–
iQIVAwUBWBlmqq89gD3EAJB5AQIECBAAg/G8Bb3ELSIv8KeppZZNvnNuZu5+JXSS
TzFdDS2jpr9gC93a2+lkuSzQd4JGRf52u2LGrGSlAE8nf9KQOootz297+N55211t
huxuaE04Xn+Wnqi+HMhAN7i/fAqPXvy1MGdwuDs2j7SjuoKXOBpIjyPVbAflI8zx
jX6TTV/qBH8FYhozONXSAtxC5l3KT2IkCyu8Wt+fsCmQgnWEBR5lnKVmWOyX7+sm
+/H2mvrd+C8qJnNmIvizDIMSIMRLZXCRodyTGYcQqmO9Swaiu5ucIHcPe6oVSJvh
68SmLD0W2YAxuXkgX7Pr+hJh4/oN22jRNJkrYWO6Niy9mNEyJljp3eGWKMpbKXK7
Qe3DHZ5ILjLD7hzoUTZYIBhHkQvmJbAbXMuuIrGDxKnIqS/1G5q2nCoC99Qb66IA
+mOoY/eehJUOFyyfX56NtQuXA5NLrseHWVyGtecLzB55nxqQ+bpvdkYDjV/7fUPc
M+jgtTO1AhNkqT36Sqr8x0R152L+j6LxBbhT7DGPWjywmleHBGjqRSqC6nfRV8oz
joTb5MScXvUqM/oyAO5F60A0eHjY2Y32B/ABe+GfHqtnFFiyUdofWgtpH6QPETbO
QTg5inydNDrqppAA+T5JG3LZJpSn7PuIJ60HWFSirmgAgpHXhe7yCi2+X+6y9Fp/
S0Sdoo9MXGA=
=leRx
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com