Denial of service in Cisco ASR 5000 Series - CVE-2017-3865
Published: June 22, 2017
Vulnerability identifier: #VU7175
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-3865
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco ASR 5000 Series
Cisco ASR 5000 Series
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers due to improper processing of Internet Key Exchange (IKE) messages. A remote attacker can send specially crafted IKE messages, cause the ipsecmgr service to reload, terminate all active IPsec VPN tunnels, prevent new tunnels from establishing and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers due to improper processing of Internet Key Exchange (IKE) messages. A remote attacker can send specially crafted IKE messages, cause the ipsecmgr service to reload, terminate all active IPsec VPN tunnels, prevent new tunnels from establishing and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-3865
Install update from vendor's website.