SB2011041401 - Multiple vulnerabilities in Nextcloud ios




Published: April 14, 2011 Updated: August 11, 2020

Security Bulletin ID SB2011041401
Severity High
Patch available YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 67%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Resource management error (CVE-ID: CVE-2011-0944)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets, aka Bug ID CSCtj41194.


2) Race condition (CVE-ID: CVE-2011-1625)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a "narrow timing window," aka Bug ID CSCtf74999, a different vulnerability than CVE-2007-0199, CVE-2008-1152, and CVE-2009-0629.


3) Cryptographic issues (CVE-ID: CVE-2011-0935)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685.

CVSS score derived from: http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_2s.html


Remediation

Install update from vendor's website.