CISCO : Cisco IOS Software RADIUS Client Denial of Service Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.105635

Categoría: CISCO

Título: Cisco IOS Software RADIUS Client Denial of Service Vulnerability

Resumen: A vulnerability in the RADIUS client feature of Cisco IOS Software could allow an authenticated,; remote attacker to cause a reload of the affected device.;; The vulnerability is due to improper parsing of malformed RADIUS packets returned by a RADIUS server.; An attacker could exploit this vulnerability by configuring a RADIUS server with a shared RADIUS secret and returning malformed; answers back to a RADIUS client on an affected Cisco device. An exploit could allow the attacker to cause a reload of the affected device.;; Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.; This advisory is available at the references.

Descripción: Summary:
A vulnerability in the RADIUS client feature of Cisco IOS Software could allow an authenticated,
remote attacker to cause a reload of the affected device.

The vulnerability is due to improper parsing of malformed RADIUS packets returned by a RADIUS server.
An attacker could exploit this vulnerability by configuring a RADIUS server with a shared RADIUS secret and returning malformed
answers back to a RADIUS client on an affected Cisco device. An exploit could allow the attacker to cause a reload of the affected device.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the references.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
6.3

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-6263
Cisco Security Advisory: 20151005 Cisco IOS Software RADIUS Client Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151005-ios-radius
http://www.securitytracker.com/id/1033747

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.105635
Categoría:	CISCO
Título:	Cisco IOS Software RADIUS Client Denial of Service Vulnerability
Resumen:	A vulnerability in the RADIUS client feature of Cisco IOS Software could allow an authenticated,; remote attacker to cause a reload of the affected device.;; The vulnerability is due to improper parsing of malformed RADIUS packets returned by a RADIUS server.; An attacker could exploit this vulnerability by configuring a RADIUS server with a shared RADIUS secret and returning malformed; answers back to a RADIUS client on an affected Cisco device. An exploit could allow the attacker to cause a reload of the affected device.;; Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.; This advisory is available at the references.
Descripción:	Summary: A vulnerability in the RADIUS client feature of Cisco IOS Software could allow an authenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of malformed RADIUS packets returned by a RADIUS server. An attacker could exploit this vulnerability by configuring a RADIUS server with a shared RADIUS secret and returning malformed answers back to a RADIUS client on an affected Cisco device. An exploit could allow the attacker to cause a reload of the affected device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the references. Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.3 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6263 Cisco Security Advisory: 20151005 Cisco IOS Software RADIUS Client Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151005-ios-radius http://www.securitytracker.com/id/1033747
Copyright	Copyright (C) 2016 Greenbone AG