PT-2015-2240 · Cisco · Cisco Asr 9000

Publicado

2015-08-19

Atualizado

2017-09-21

CVE-2015-4277

CVSS v2.0

4.9

Média

Vetor

AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Cisco ASR 9000 devices with software versions 5.1.3 and 5.3.0

Description The issue is related to improper closure of vty sessions after a commit/end operation in the global-configuration implementation, allowing local users to cause a denial of service. This can result in the creation of tmp/*config files, memory consumption, and device hang. The problem is associated with errors in resource management.

Recommendations For version 5.1.3, update to a fixed version to resolve the issue. For version 5.3.0, update to a fixed version to resolve the issue. As a temporary workaround, consider restricting local access to the device to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

BDU:2015-11586

CVE-2015-4277

Produtos afetados

Cisco Asr 9000

PT-2015-2240 · Cisco · Cisco Asr 9000

CVE-2015-4277

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4