Cisco ASR 1000 Series Router L2TP/IPv4/IPv6/SIP/H.323 Processing Bugs Let Remote Users Cause the Target System to Crash : 8/28/2015 9:38:16 PM

Group Chat & IM for Teams Communicate with co-workers in real time. Used by Netflix, Dropbox & Salesforce. $0/unlimited users. Get started >> From our sponsors

 

 

Vulnerability Databse

This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text.

Cisco ASR 1000 Series Router L2TP/IPv4/IPv6/SIP/H.323 Processing Bugs Let Remote Users Cause the Target System to Crash
8/28/2015 12:00:00 AM

Cisco ASR 1000 Series Router L2TP/IPv4/IPv6/SIP/H.323 Processing Bugs Let Remote Users Cause the Target System to Crash

SecurityTracker Alert ID:  1033410

SecurityTracker URL:  http://securitytracker.com/id/1033410

CVE Reference:   CVE-2015-6267, CVE-2015-6269, CVE-2015-6270, CVE-2015-6271, CVE-2015-6272   (Links to External Site)

Date:  Aug 28 2015

Impact:   Denial of service via network

Fix Available:  Yes  Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Cisco ASR 1000 Series Routers. A remote user can cause the target system to crash. A remote user can send a specially crafted packet to cause the target Embedded Services Processor (ESP) to crash and the target device to reload. Layer 2 Tunneling Protocol (L2TP) processing is affected [CVE-2015-6267]. The vendor has assigned bug IDs CSCsw95722 and CSCsw95496 to this vulnerability. IPv4 and IPv6 processing is affected [CVE-2015-6269]. The vendor has assigned bug ID CSCsw69990 to this vulnerability. IPv6 processing is affected [CVE-2015-6270]. The vendor has assigned bug ID CSCsv98555 to this vulnerability. SIP processing on systems configured with Network Address Translation Application Layer Gateway (NAT ALG) are affected [CVE-2015-6271]. The vendor has assigned bug IDs CSCta74749 and CSCta77008 to this vulnerability. H.323 processing on systems configured with NAT ALG or the Firewall feature are affected [CVE-2015-6272]. The vendor has assigned bug IDs CSCsx35393, CSCsx07094, and CSCsw93064 to this vulnerability.

Impact:   A remote user can cause the target system to reload.

Solution:   The vendor has issued a fix. The vendor's advisories are available at: http://tools.cisco.com/security/center/viewAlert.x?alertId=40684 http://tools.cisco.com/security/center/viewAlert.x?alertId=40686 http://tools.cisco.com/security/center/viewAlert.x?alertId=40687 http://tools.cisco.com/security/center/viewAlert.x?alertId=40688 http://tools.cisco.com/security/center/viewAlert.x?alertId=40689

Vendor URL:  tools.cisco.com/security/center/viewAlert.x?alertId=40684 (Links to External Site)

Cause:   State error

Underlying OS:

Message History:   None.

 

You are receiving this email because you subscribed to this feed at feedmyinbox.com

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions