SB2017090703 - Denial of service in Cisco IOS/IOS XE
Published: September 7, 2017
Security Bulletin ID
SB2017090703
Severity
Medium
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Denial of service (CVE-ID: CVE-2017-12211)
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.The weakness exists due to IPv6 sub block corruption. A remote attacker can send specially SNMP data to trigger a flaw in the processing of IPv6 packets, consume excessive CPU resources and cause the target device to reload.
Successful exploitation of the vulnerability results in denial of service.
2) Denial of service (CVE-ID: CVE-2017-6627)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The vulnerability exists in the UDP processing code due to the application changes that create UDP sockets and leave the sockets idle without closing them. A remote attacker can send UDP packets with a destination port of 0, cause UDP packets to be held in the input interfaces queue and trigger application to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install update from vendor's website.