[SANOG] Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Mar 25 16:07:26 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers

Advisory ID: cisco-sa-20150325-iosxe

Revision 1.0

For Public Release 2015 March 25 16:00  UTC (GMT)

Summary
=======

  Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers (ASR), Cisco 4400 Series Integrated Services Routers (ISR), and Cisco Cloud Services Routers (CSR) 1000v Series contains the following vulnerabilities:
  Cisco IOS XE Software Fragmented Packet Denial of Service Vulnerability
  Cisco IOS XE Software Crafted TCP Packet Remote Code Execution Vulnerability
  Cisco IOS XE Software Crafted IPv6 Packet Denial of Service Vulnerability
  Cisco IOS XE Software Layer 4 Redirect Crafted Packet Denial of Service Vulnerability
  Cisco IOS XE Software Common Flow Table Crafted Packet Denial of Service Vulnerability

These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to trigger a reload of the forwarding plane, causing an interruption of services. Repeated exploitation could result in a sustained denial of service (DoS) condition.

Successful exploitation of Cisco IOS XE Software Crafted TCP Packet Remote Code Execution Vulnerability could allow an unauthenticated remote attacker to execute malicious code on the affected device.

Cisco has released free software updates that address these vulnerabilities. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe

Note: The March 25, 2015, Cisco IOS & XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS & XE Software Security Advisory Bundled Publication at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJVEg3EAAoJEIpI1I6i1Mx3VW8QAL2oALHAprX3uic7IXrFPW95
Cb4bqya2PjrAzZmGlDFCGr2Mko0j+Q9zgX/AGjrtQkaZaHHp7KhpdLGNrnpyEpgj
Da9TYL5k/JW/xxWmh3u9q62tUjlgHRHAUqsWAKq7jgJuftqS6u5BdTIIuBhTZeqo
yy9QrHTnKtiDwjW4pyvEXft+2OaRZ2u5w+9jdRk6YO41OEHdeiPBQwzOZNQUPi6C
n60N1DsvPm8V+u/3i1h1ApENv8iqm/5PxF4pqPC3QgBAzI0JoV6qUokts3U15B6W
1M1cd+lBBze2ztgP8tMhYbwFcbx8WjydYdNjHpaWhv9S+eCWW63nUmlpU4x0Vx9X
bVwsooTAtf+j+bfxxq2Agm14n/mjTb/+7Fwh9idoA3UVC1JfMpXuXwKAPXr7Sumz
00kXL2A44thnrEYB+sZmo24XiC/Y+QC0rILr6S1GBy7t/h6qRA4MzITIu0T54jle
lwYwwI1RPmo0QL4XFXUUmtowlfvpH3lu5PFD/BwbV5cdsiDrs/ahqcwBVNnReQQe
cUUYGBuYz2t3UOuYLQCyaNrd3OzLOn5wYrGk3veODzpYkNOH23fM1YiTVj/5qdV+
l22QBt/wgcrEN42YroCJxK1hxAMO7sB2qCJO/sCGirxN4AEYmp3xqTPb6T76a8jf
lcPMb9mmEb9Mc8shvJmS
=j74G
-----END PGP SIGNATURE-----


More information about the sanog mailing list