You are here
Home > Preporuke > Ranjivost Cisco IOS XE softvera

Ranjivost Cisco IOS XE softvera

by - 0

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco IOS XE Software Web UI Denial of Service Vulnerability

Advisory ID: cisco-sa-20180926-webuidos

Revision: 1.0

For Public Release: 2018 September 26 16:00 GMT

Last Updated: 2018 September 26 16:00 GMT

CVE ID(s): CVE-2018-0469

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary

=======

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed.

An attacker could exploit this vulnerability by sending specific HTTP requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webuidos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webuidos”]

This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-69981”].

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbq67rXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczljUQAMIqqbPCxqFfOQg4CJ4/ze9PHCEv
VcROtGqXwonPoBAIXoWyy3sb62Cpc4RefZNMXM8ownyRQ2i2LlSkWUPD4+dbdo1k
92QWb4K9MfvigJRNJHWj08ei0BpURgmxFd5O9jD7ElQAeccPPckFr6GQ6838QUSI
CFhLcM9QENTJaitmkLPpwVxifiwHM+wVw4PqPpAZI1JcKgsog/4wvITl7qLflSQd
2bR2vdKcCIndF6zh4NdezLBfNcLXOfe86qp0K+DHxbNBvMvC8WAAPyrNcG09qN5w
i9cDC8dR+fg7v2XnwUwIOAd3G3PeaPgLyd24aAbooHCLwtCurmSanLN1q71RKOd2
LtPd2O6aagoXetPU69+lD1XIilzdyF8oucY3MhuQULYevMTgIa+OC8kTd581QDFA
X/zFDM7Tm6AuXALk00UvHcp3CiF2Mhh9WQSBZgUCD71TaoJoNSUMNsK7P2QcVMQK
MhrmveX8W4fHYx/J34SpiwBXVyHxf1t5Y/yi+l8cua55RjpoBeGlVfMHXzwr3Ox5
CpR4FTbJHrDWdBbRPcAlU92OzTMODfGVAXlaOMjAfiD39RVc/qxlDGwNT1BUkJpw
kJgECERVOOgiDN3NbZx8uSsghV+i7NM6jpn+zGAQf+Xy6vnHKQAyeYqG2MpwePOg
OnWLlahe6h8crI/2
=RCJ6
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

Top
More in Preporuke
Ranjivost Cisco ISR G2 routera

Otkrivena je ranjivost u SM-1T3/E3 firmware-u Cisco Second Generation Integrated Services routeru (ISR G2) i Cisco 4451-X Integrated Services routeru...

Close