
Multiple Vulnerabilities in Cisco

 

Systems Affected


Cisco IOS Software versions 15.2(1)T1.11 and 15.2(2)TST
Cisco IOS Software versions 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S and 15.4(1.13)S
Cisco cBR-8 Series Converged Broadband Routers running Cisco IOS XE Software Release 3.15S or 3.16S prior

Threat Level


High


Overview


Multiple vulnerabilities have been reported in Cisco products which could be exploited by an unauthenticated remote attacker to cause a denial of service (DoS) condition and to access an invalid memory region on the targeted device.


Description


1. Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability (CVE-2016-1424, CVE-2016-1425)
These vulnerabilities are due to improper handling of crafted Link Layer Discovery Protocol (LLDP) packets. A remote attacker could send specially crafted LLDP packets to cause the affected device to crash. Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial of service (DoS) condition on the targeted device.

2. Cisco cBR-8 Series Converged Broadband Router SNMP Denial of Service Vulnerability (CVE-2016-1432)
This vulnerability exists because the affected platform does not properly trap SNMP read requests for a specific object ID that is not supported by the platform, so the SNMP process may attempt to reference a pointer with the NULL value. A remote attacker who can authenticate to an affected device could submit a valid SNMP request and cause the supervisor card that serviced the request to restart. Successful exploitation of this vulnerability could allow a remote attacker to access an invalid memory region, resulting in a denial of service (DoS) condition.


Impact



Solution/Workarounds


Apply the appropriate updates as mentioned in the Cisco advisories:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-ios1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-ios
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160617-cbr


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.