PT-2015-4804 · Cisco · Cisco Ios+1
Published
2015-07-22
·
Updated
2017-09-21
·
CVE-2015-0681
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco IOS versions 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1
Cisco IOS XE versions 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S
Cisco IOS XE versions 3.1.xSG, 3.2.xSG, and 3.3.xSG before 3.4.0SG
Cisco IOS XE version 3.2.xSE before 3.3.0SE
Cisco IOS XE version 3.2.xXO before 3.3.0XO
Cisco IOS XE versions 3.2.xSQ, 3.3.xSQ, and 3.4.xSQ
Description
A vulnerability in the TFTP server feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The TFTP server feature is not enabled by default. This issue is caused by improper memory management triggered by multiple requests.
Recommendations
For Cisco IOS versions 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1, update to a fixed version.
For Cisco IOS XE versions 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS, update to version 3.6.0S or later.
For Cisco IOS XE versions 3.1.xSG, 3.2.xSG, and 3.3.xSG, update to version 3.4.0SG or later.
For Cisco IOS XE version 3.2.xSE, update to version 3.3.0SE or later.
For Cisco IOS XE version 3.2.xXO, update to version 3.3.0XO or later.
As a temporary workaround, consider disabling the TFTP server feature until a patch is available.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Ios
Cisco Ios Xe