CISCO : Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability (cisco-sa-20160810-iosxr)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.106177

Kategorie: CISCO

Titel: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability (cisco-sa-20160810-iosxr)

Zusammenfassung: A vulnerability in the driver processing functions of Cisco IOS; XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated,; remote attacker to cause a memory leak on the route processor (RP) of an affected device, which; could cause the device to drop all control-plane protocols and lead to a denial of service; condition (DoS) on a targeted system.

Beschreibung: Summary:
A vulnerability in the driver processing functions of Cisco IOS
XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated,
remote attacker to cause a memory leak on the route processor (RP) of an affected device, which
could cause the device to drop all control-plane protocols and lead to a denial of service
condition (DoS) on a targeted system.

Vulnerability Insight:
The vulnerability is due to improper handling of crafted,
fragmented packets that are directed to an affected device. An attacker could exploit this
vulnerability by sending crafted, fragmented packets to an affected device for processing and
reassembly.

Vulnerability Impact:
A successful exploit could allow the attacker to cause a memory
leak on the RP of the device, which could cause the device to drop all control-plane protocols
and eventually lead to a DoS condition on the targeted system.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-6355
BugTraq ID: 92399
http://www.securityfocus.com/bid/92399
Cisco Security Advisory: 20160810 Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-iosxr
http://www.securitytracker.com/id/1036585

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.106177
Kategorie:	CISCO
Titel:	Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability (cisco-sa-20160810-iosxr)
Zusammenfassung:	A vulnerability in the driver processing functions of Cisco IOS; XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated,; remote attacker to cause a memory leak on the route processor (RP) of an affected device, which; could cause the device to drop all control-plane protocols and lead to a denial of service; condition (DoS) on a targeted system.
Beschreibung:	Summary: A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plane protocols and lead to a denial of service condition (DoS) on a targeted system. Vulnerability Insight: The vulnerability is due to improper handling of crafted, fragmented packets that are directed to an affected device. An attacker could exploit this vulnerability by sending crafted, fragmented packets to an affected device for processing and reassembly. Vulnerability Impact: A successful exploit could allow the attacker to cause a memory leak on the RP of the device, which could cause the device to drop all control-plane protocols and eventually lead to a DoS condition on the targeted system. Solution: See the referenced vendor advisory for a solution. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6355 BugTraq ID: 92399 http://www.securityfocus.com/bid/92399 Cisco Security Advisory: 20160810 Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-iosxr http://www.securitytracker.com/id/1036585
Copyright	Copyright (C) 2016 Greenbone Networks GmbH