Cisco IOS XE Multiple Vulnerabilities

Last Update Date: 31 Oct 2013 15:27 Release Date: 31 Oct 2013 2994 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

Multiple vulnerabilities have been identified in Cisco IOS XE. A remote user can cause denial of service conditions.

  1. A remote user can send specially crafted ICMP error packets through the target device to trigger a flaw in the Zone-Based Firewall (ZBFW) TCP or UDP inspection feature and cause the target device to reload.
  2. A remote user can send specially crafted PPTP packets through the target device to trigger a flaw in the PPTP ALG feature and cause the target device to reload.
  3. A remote user can send specially crafted TCP packet through the target device to trigger a flaw in the ALG and NAT features to cause the target device to reload.
  4. A remote user can send specially crafted IPv4 or IPv6 EoGRE packets through the target device that is configured with an EoGRE interface to cause the target device to reload.

Impact

  • Denial of Service

System / Technologies affected

  • IOS XE for 1000 Series ASR; 3.4.x, 3.5.x, 3.7.x, 3.8.x, 3.9.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (3.4.2S, 3.5.1S, 3.7.3S, 3.8.1S, 3.9.2S).

Vulnerability Identifier

Source

Related Link

Share with

Previous

Google Chrome Multiple Vulnerabilities

17 Oct 2013 3316 Views

Next

Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities

31 Oct 2013 3161 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY