CISCO : CiscoIOS XE Software Multicast Routing Denial of Service Vulnerabilities

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.106312

Kategorie: CISCO

Titel: CiscoIOS XE Software Multicast Routing Denial of Service Vulnerabilities

Zusammenfassung: Multiple vulnerabilities in the multicast subsystem of Cisco IOS XE;Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The;issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM).

Beschreibung: Summary:
Multiple vulnerabilities in the multicast subsystem of Cisco IOS XE
Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The
issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM).

Vulnerability Insight:
The first vulnerability (Cisco bug ID CSCud36767) is due to insufficient
checking of MSDP Source-Active (SA) messages received from a configured MSDP peer. An attacker who can send
traffic to the IPv4 address of a device could exploit this vulnerability by sending a packet designed to
trigger the issue to the affected device.

The second vulnerability (Cisco bug ID CSCuy16399) is due to insufficient checking of packets encapsulated
in a PIM register message. An attacker who can send a malformed IPv6 PIM register packet to a PIM rendezvous
point (RP) could exploit the vulnerability.

Vulnerability Impact:
A successful exploit could cause the affected device to restart.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-6392
BugTraq ID: 93211
http://www.securityfocus.com/bid/93211
Cisco Security Advisory: 20160928 Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp
http://www.securitytracker.com/id/1036914
Common Vulnerability Exposure (CVE) ID: CVE-2016-6382
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04

Copyright Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.106312
Kategorie:	CISCO
Titel:	CiscoIOS XE Software Multicast Routing Denial of Service Vulnerabilities
Zusammenfassung:	Multiple vulnerabilities in the multicast subsystem of Cisco IOS XE;Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The;issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM).
Beschreibung:	Summary: Multiple vulnerabilities in the multicast subsystem of Cisco IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM). Vulnerability Insight: The first vulnerability (Cisco bug ID CSCud36767) is due to insufficient checking of MSDP Source-Active (SA) messages received from a configured MSDP peer. An attacker who can send traffic to the IPv4 address of a device could exploit this vulnerability by sending a packet designed to trigger the issue to the affected device. The second vulnerability (Cisco bug ID CSCuy16399) is due to insufficient checking of packets encapsulated in a PIM register message. An attacker who can send a malformed IPv6 PIM register packet to a PIM rendezvous point (RP) could exploit the vulnerability. Vulnerability Impact: A successful exploit could cause the affected device to restart. Solution: See the referenced vendor advisory for a solution. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6392 BugTraq ID: 93211 http://www.securityfocus.com/bid/93211 Cisco Security Advisory: 20160928 Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp http://www.securitytracker.com/id/1036914 Common Vulnerability Exposure (CVE) ID: CVE-2016-6382 https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04
Copyright	Copyright (C) 2016 Greenbone AG