CISCO : Cisco IOS Software Smart Install Memory Leak Vulnerability

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.106314

Kategorie: CISCO

Titel: Cisco IOS Software Smart Install Memory Leak Vulnerability

Zusammenfassung: The Smart Install client feature in Cisco IOS Software contains a;vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial;of service (DoS) condition on an affected device.

Beschreibung: Summary:
The Smart Install client feature in Cisco IOS Software contains a
vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial
of service (DoS) condition on an affected device.

Vulnerability Insight:
The vulnerability is due to incorrect handling of image list parameters.
An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786.

Vulnerability Impact:
A successful exploit could cause the device to leak memory and eventually
reload, resulting in a DoS condition.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-6385
BugTraq ID: 93203
http://www.securityfocus.com/bid/93203
Cisco Security Advisory: 20160928 Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04
http://www.securitytracker.com/id/1036914

Copyright Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.106314
Kategorie:	CISCO
Titel:	Cisco IOS Software Smart Install Memory Leak Vulnerability
Zusammenfassung:	The Smart Install client feature in Cisco IOS Software contains a;vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial;of service (DoS) condition on an affected device.
Beschreibung:	Summary: The Smart Install client feature in Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device. Vulnerability Insight: The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. Vulnerability Impact: A successful exploit could cause the device to leak memory and eventually reload, resulting in a DoS condition. Solution: See the referenced vendor advisory for a solution. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6385 BugTraq ID: 93203 http://www.securityfocus.com/bid/93203 Cisco Security Advisory: 20160928 Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04 http://www.securitytracker.com/id/1036914
Copyright	Copyright (C) 2016 Greenbone AG