[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol
From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
Date: Wed, 25 Mar 2015 12:05:49 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol

Advisory ID: cisco-sa-20150325-cip

Revision 1.0

For Public Release 2015 March 25 16:00  UTC (GMT)

Summary
=======

The Cisco IOS Software implementation of the Common Industrial Protocol (CIP) 
feature contains the following vulnerabilities when processing crafted CIP 
packets that could allow an unauthenticated, remote attacker to cause a denial 
of service (DoS) condition:

  Cisco IOS Software UDP CIP Denial of Service Vulnerability
  Cisco IOS Software TCP CIP Packet Memory Leak Vulnerability
  Cisco IOS Software TCP CIP Denial of Service Vulnerability

These vulnerabilities are independent of each other; a release that is affected 
by one of the vulnerabilities may not be affected by the others.

Successful exploitation of any of these vulnerabilities could allow an 
unauthenticated, remote attacker to cause a reload of the forwarding plane, 
resulting in an interruption of services on an affected device. Repeated 
exploitation could result in a sustained DoS condition.

Additionally, successful exploitation of Cisco IOS Software TCP CIP Packet 
Memory Leak Vulnerability could allow an unauthenticated, remote attacker to 
cause a memory leak on an affected device.

Cisco has released free software updates that address these vulnerabilities. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip

Note: The March 25, 2015, Cisco IOS & XE Software Security Advisory bundled 
publication includes seven Cisco Security Advisories. The advisories address 
vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual 
publication links are in Cisco Event Response: Semiannual Cisco IOS & XE 
Software Security Advisory Bundled Publication at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJVEg3EAAoJEIpI1I6i1Mx3gQoQAMgga/GDsaG87OcxdBDP3PS0
VWVup8SutEuU6I0Gb+L/PmUYPTNCq7Tc25Cumoqy6z5K7jqNsmsrjzoFeUR86Ksr
GYY1hFEc9M4nOapTzoiNFQAxg8bGxh5u4PemCCg9CbEfqP51ItKUmKKcsmT45YpJ
M2uidBLWkPum0bcfAvD7JMox/luzMFyAiLnb0IJj217hMVr1OmZou66V8cQfWZZl
He+pT5WcPKd116GAB3Gb7B0lcEHduTQAb2psSrPOPJLE4bOwBtyuC17wjCoblQKh
W1SLIddEDTUHIkvKt71ZKjvARIiwdEFnZWd9QoH9DygSvTPoooN168Ub5S9rqVDy
E84p7pJf0FSyAFrXqTdl0vZHIFmZlDwGZnablle1+E878im49dDY2mSLVEQs21Pr
V1iu6R9o+affi4MLFPAQSf1zTx6r6zotCO0Rnp33QfFo97UdLyL7I2qtpZhSczGU
4wTySD8qvM/02rUvszWg/YoJ12A7IU5YMjCXb/Lfkd6UYK/go4BA3BuqZAqSuvAN
AWq6MEdOsV4uuchVm0ha1YgdQzt9vNveR4twYpSiQZ0MnzcB9020nLlHmVAB3+lY
d04mKF1SMQ568mfes8/lNt0fefc6XkVvrZeIk+9uNn+irAynRRBZR2wpnvQT/Xev
qc1FbxmTWdixlVg1kZL6
=b7Xz
-----END PGP SIGNATURE-----

Prev by Date: Cisco Security Advisory: Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities
Next by Date: Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure
Previous by thread: Cisco Security Advisory: Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities
Next by thread: Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure
Index(es):
- Date
- Thread