PT-2015-2198 · Cisco · Cisco Ios+1
Publicado
2015-09-23
·
Atualizado
2017-01-04
·
CVE-2015-6278
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco IOS versions 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5
Cisco IOS XE versions 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E
Cisco IOS XE versions 3.7E before 3.7.2E
Cisco IOS XE versions 3.9S and 3.10S before 3.10.6S
Cisco IOS XE versions 3.11S before 3.11.4S
Cisco IOS XE versions 3.12S and 3.13S before 3.13.3S
Cisco IOS XE versions 3.14S before 3.14.2S
Description
The IPv6 snooping functionality in the first-hop security subsystem does not properly implement the Control Plane Protection feature, allowing remote attackers to cause a denial of service via a flood of ND packets. This issue exists due to insufficient input validation, which can be exploited by an unauthenticated, remote attacker to cause an affected device to reload.
Recommendations
For Cisco IOS versions 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5, update to a fixed version.
For Cisco IOS XE versions 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E, update to version 3.6.3E or later.
For Cisco IOS XE versions 3.7E, update to version 3.7.2E or later.
For Cisco IOS XE versions 3.9S and 3.10S, update to version 3.10.6S or later.
For Cisco IOS XE versions 3.11S, update to version 3.11.4S or later.
For Cisco IOS XE versions 3.12S and 3.13S, update to version 3.13.3S or later.
For Cisco IOS XE versions 3.14S, update to version 3.14.2S or later.
Correção
DoS
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cisco Ios
Cisco Ios Xe