Denial of service in Cisco ASR 5000 Series Routers
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-3865 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cisco ASR 5000 Series Hardware solutions / Firmware |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Denial of service
EUVDB-ID: #VU7175
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3865
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers due to improper processing of Internet Key Exchange (IKE) messages. A remote attacker can send specially crafted IKE messages, cause the ipsecmgr service to reload, terminate all active IPsec VPN tunnels, prevent new tunnels from establishing and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Cisco ASR 5000 Series: 21.1.0 - 21.1.v0
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-asr
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
