
Cisco, a batch of security advisories

Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability

A vulnerability in the implementation of the IP version 6 (IPv6) protocol stack in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause I/O memory depletion on an affected device that has IPv6 enabled. The vulnerability is triggered when an affected device processes a malformed IPv6 packet.

 

Cisco has released free software updates that address this vulnerability.

There are no workarounds to mitigate this vulnerability.

Cisco IOS Software SSL VPN Denial of Service Vulnerability

A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

 

The vulnerability is due to a failure to process certain types of HTTP requests. To exploit the vulnerability, an attacker could submit crafted requests designed to consume memory to an affected device. An exploit could allow the attacker to consume and fragment memory on the affected device. This may cause reduced performance, a failure of certain processes, or a restart of the affected device.

 

Cisco has released free software updates that address this vulnerability.

There are no workarounds to mitigate this vulnerability.

Cisco IOS Software Network Address Translation Vulnerabilities

The Cisco IOS Software implementation of the Network Address Translation (NAT) feature contains two vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service condition.

 

Cisco has released free software updates that address these vulnerabilities.

There are no workarounds to mitigate these vulnerabilities.

Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device that would lead to a denial of service (DoS) condition.

 

The vulnerability is due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device to be processed. An exploit could allow the attacker to cause a reload of the affected device that would lead to a DoS condition.

 

Although IKEv2 is automatically enabled on Cisco IOS Software and Cisco IOS XE Software devices when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled, the vulnerability can be triggered only by sending a malformed IKEv2 packet.

 

Only IKEv2 packets can trigger this vulnerability.

 

Cisco has released free software updates that address this vulnerability.

There are no workarounds to mitigate this vulnerability.

Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability

A vulnerability in the Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks models RSP720-3C-10GE and RSP720-3CXL-10GE could allow an unauthenticated, remote attacker to cause the route processor to reboot or stop forwarding traffic. The vulnerability is due to an issue in the Kailash field-programmable gate array (FPGA) versions prior to 2.6.

 

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are not available.

And a few more; all of them together at this link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html


Ahh, we once got burned by ka_gmac_reset on a 7600. At least now the cause is clear :)


There are plenty of these pitfalls laid in other boxes too. Sad news: I got had, through a voice 2600. Somehow they managed to dump calls over H.323 into the PSTN through the interconnect with the GTS (the city telephone network). There are still a lot of questions here, and I'm an i***t, but they should also have outbound access blocked for us on their side. In 5 hours of idiocy, 80000 seconds were pushed through me :(


lelio : hmmm, how do i find out my multicast routes?

isp : do a "show ip mroute"

lelio : ok.

<pause>

lelio : um, my router rebooted.

isp : really? show commands shouldn't do that. it must have been something else. try again.

lelio : ok.

<pause>

lelio : um, my router rebooted again.

isp : oh. ok, don't type that command in again. call Cisco TAC.
