CISCO : Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.106170

Kategorie: CISCO

Titel: Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability

Zusammenfassung: A vulnerability in the processing of Network Time Protocol (NTP); packets by Cisco IOS could allow an unauthenticated, remote attacker to cause an interface wedge and an; eventual denial of service (DoS) condition on the affected device.;; The vulnerability is due to insufficient checks on clearing the invalid NTP packets from the; interface queue. An attacker could exploit this vulnerability by sending a number of crafted NTP; packets to be processed by an affected device. An exploit could allow the attacker to cause an; interface wedge and an eventual denial of service (DoS) condition on the affected device.;; Cisco has released software updates that address this vulnerability. There are no workarounds that; address this vulnerability. However, there is a mitigation for this vulnerability.

Beschreibung: Summary:
A vulnerability in the processing of Network Time Protocol (NTP)
packets by Cisco IOS could allow an unauthenticated, remote attacker to cause an interface wedge and an
eventual denial of service (DoS) condition on the affected device.

The vulnerability is due to insufficient checks on clearing the invalid NTP packets from the
interface queue. An attacker could exploit this vulnerability by sending a number of crafted NTP
packets to be processed by an affected device. An exploit could allow the attacker to cause an
interface wedge and an eventual denial of service (DoS) condition on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that
address this vulnerability. However, there is a mitigation for this vulnerability.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-1478
BugTraq ID: 92317
http://www.securityfocus.com/bid/92317
Cisco Security Advisory: 20160804 Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge
http://www.securitytracker.com/id/1036541

Copyright Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.106170
Kategorie:	CISCO
Titel:	Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability
Zusammenfassung:	A vulnerability in the processing of Network Time Protocol (NTP); packets by Cisco IOS could allow an unauthenticated, remote attacker to cause an interface wedge and an; eventual denial of service (DoS) condition on the affected device.;; The vulnerability is due to insufficient checks on clearing the invalid NTP packets from the; interface queue. An attacker could exploit this vulnerability by sending a number of crafted NTP; packets to be processed by an affected device. An exploit could allow the attacker to cause an; interface wedge and an eventual denial of service (DoS) condition on the affected device.;; Cisco has released software updates that address this vulnerability. There are no workarounds that; address this vulnerability. However, there is a mitigation for this vulnerability.
Beschreibung:	Summary: A vulnerability in the processing of Network Time Protocol (NTP) packets by Cisco IOS could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to insufficient checks on clearing the invalid NTP packets from the interface queue. An attacker could exploit this vulnerability by sending a number of crafted NTP packets to be processed by an affected device. An exploit could allow the attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. However, there is a mitigation for this vulnerability. Solution: See the referenced vendor advisory for a solution. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1478 BugTraq ID: 92317 http://www.securityfocus.com/bid/92317 Cisco Security Advisory: 20160804 Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge http://www.securitytracker.com/id/1036541
Copyright	Copyright (C) 2016 Greenbone AG