PT-2014-1320 · Cisco · Cisco Ios Xe+1
Publicado
2014-03-26
·
Atualizado
2017-05-23
·
CVE-2014-2113
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco IOS versions 15.1 through 15.3
Cisco IOS XE versions 3.3 and 3.5 before 3.5.2E
Cisco IOS XE versions 3.7 before 3.7.5S
Cisco IOS XE versions 3.8, 3.9, and 3.10 before 3.10.2S
Description
A vulnerability in the implementation of the IP version 6 (IPv6) protocol stack in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause I/O memory depletion on an affected device that has IPv6 enabled. The vulnerability is triggered when an affected device processes a malformed IPv6 packet.
Recommendations
For Cisco IOS versions 15.1 through 15.3, update to a fixed version.
For Cisco IOS XE versions 3.3 and 3.5 before 3.5.2E, update to version 3.5.2E or later.
For Cisco IOS XE versions 3.7 before 3.7.5S, update to version 3.7.5S or later.
For Cisco IOS XE versions 3.8, 3.9, and 3.10 before 3.10.2S, update to version 3.10.2S or later.
Correção
DoS
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cisco Ios
Cisco Ios Xe