Denial of service in Cisco ASR 900 Series

Published: 2019-01-10 16:56:09
Severity: Low
Patch available: NO
Number of vulnerabilities: 1
CVE ID: CVE-2018-15464
CVSSv3: 4.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:U/RC:U]
CWE ID: CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Cisco ASR 900 Series
Vulnerable software versions: Cisco ASR 900 Series 16.6.2
Vendor URL: Cisco Systems, Inc

Security Advisory

1) Improper input validation

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.

The vulnerability exists due to insufficient handling of certain broadcast packets arriving at the device. A remote attacker can send large streams of broadcast packets to an affected device and impact services running on it, resulting in a partial DoS condition.

Remediation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-asr900-dos
