PT-2015-2197 · Cisco · Cisco Ios+1
Publicado
2015-09-23
·
Atualizado
2016-12-12
·
CVE-2015-6279
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco IOS versions 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5
Cisco IOS XE versions 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E
Cisco IOS XE versions 3.7E before 3.7.2E
Cisco IOS XE versions 3.9S and 3.10S before 3.10.6S
Cisco IOS XE versions 3.11S before 3.11.4S
Cisco IOS XE versions 3.12S and 3.13S before 3.13.3S
Cisco IOS XE versions 3.14S before 3.14.2S
Description
The issue is related to the IPv6 snooping functionality in the first-hop security subsystem, which allows remote attackers to cause a denial of service (device reload) via a malformed ND packet with the Cryptographically Generated Address (CGA) option. This is due to insufficient input validation. An unauthenticated, remote attacker could exploit this to cause an affected device to reload.
Recommendations
For Cisco IOS versions 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5, update to a fixed version.
For Cisco IOS XE versions 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E, update to version 3.6.3E or later.
For Cisco IOS XE versions 3.7E, update to version 3.7.2E or later.
For Cisco IOS XE versions 3.9S and 3.10S, update to version 3.10.6S or later.
For Cisco IOS XE versions 3.11S, update to version 3.11.4S or later.
For Cisco IOS XE versions 3.12S and 3.13S, update to version 3.13.3S or later.
For Cisco IOS XE versions 3.14S, update to version 3.14.2S or later.
Correção
DoS
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cisco Ios
Cisco Ios Xe