Announcement Announcement Module
Collapse
No announcement yet.
Cisco IOS Software RSVP Vulnerability Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco IOS Software RSVP Vulnerability

    Cisco IOS Software RSVP Vulnerability

    Severity Rating: High

    Systems Affected
    • Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.3
    • Cisco IOS XE Software 2.x, 3.x, 3.2.x, 3.3.x, 3.4x

    Overview
    A vulnerability have been reported in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Cisco IOS XE Software which could allow an unauthenticated remote attacker to cause the device to reload which results in a Denial of Service (DoS) condition.

    Description
    The vulnerability is due to improper processing of certain malformed RSVP packets processed by an affected device.
    An attacker could exploit this vulnerability by sending certain malformed IPv4 or IPv6 RSVP packets via UDP port 1698 to a targeted device.

    Successful repeatedly exploitation of this vulnerability could allow a remote attacker to cause the device to reload which results in a DoS condition.

    Solution
    Apply appropriate updates as mentioned in CISCO advisory:
    http://tools.cisco.com/security/cent...-20140924-rsvp

    Vendor Information References

    CISCO
    http://tools.cisco.com/security/cent...-20140924-rsvp

    References
    CISCO
    http://tools.cisco.com/security/cent...?alertId=35621
Tag Cloud Tag Cloud Module
Collapse
Working...
X