CISCO : Cisco IOS XE Software Crafted Network Time Protocol Packets Denial of Service Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.106175

Categoría: CISCO

Título: Cisco IOS XE Software Crafted Network Time Protocol Packets Denial of Service Vulnerability

Resumen: A vulnerability in the processing of Network Time Protocol (NTP);packets by Cisco IOS XE could allow an unauthenticated, remote attacker to cause an interface wedge and an;eventual denial of service (DoS) condition on the affected device.;;The vulnerability is due to insufficient checks on clearing the invalid NTP packets from the;interface queue. An attacker could exploit this vulnerability by sending a number of crafted NTP;packets to be processed by an affected device. An exploit could allow the attacker to cause an;interface wedge and an eventual denial of service (DoS) condition on the affected device.;;Cisco has released software updates that address this vulnerability. There are no workarounds that;address this vulnerability. However, there is a mitigation for this vulnerability.

Descripción: Summary:
A vulnerability in the processing of Network Time Protocol (NTP)
packets by Cisco IOS XE could allow an unauthenticated, remote attacker to cause an interface wedge and an
eventual denial of service (DoS) condition on the affected device.

The vulnerability is due to insufficient checks on clearing the invalid NTP packets from the
interface queue. An attacker could exploit this vulnerability by sending a number of crafted NTP
packets to be processed by an affected device. An exploit could allow the attacker to cause an
interface wedge and an eventual denial of service (DoS) condition on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that
address this vulnerability. However, there is a mitigation for this vulnerability.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-1478
BugTraq ID: 92317
http://www.securityfocus.com/bid/92317
Cisco Security Advisory: 20160804 Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge
http://www.securitytracker.com/id/1036541

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.106175
Categoría:	CISCO
Título:	Cisco IOS XE Software Crafted Network Time Protocol Packets Denial of Service Vulnerability
Resumen:	A vulnerability in the processing of Network Time Protocol (NTP);packets by Cisco IOS XE could allow an unauthenticated, remote attacker to cause an interface wedge and an;eventual denial of service (DoS) condition on the affected device.;;The vulnerability is due to insufficient checks on clearing the invalid NTP packets from the;interface queue. An attacker could exploit this vulnerability by sending a number of crafted NTP;packets to be processed by an affected device. An exploit could allow the attacker to cause an;interface wedge and an eventual denial of service (DoS) condition on the affected device.;;Cisco has released software updates that address this vulnerability. There are no workarounds that;address this vulnerability. However, there is a mitigation for this vulnerability.
Descripción:	Summary: A vulnerability in the processing of Network Time Protocol (NTP) packets by Cisco IOS XE could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to insufficient checks on clearing the invalid NTP packets from the interface queue. An attacker could exploit this vulnerability by sending a number of crafted NTP packets to be processed by an affected device. An exploit could allow the attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. However, there is a mitigation for this vulnerability. Solution: See the referenced vendor advisory for a solution. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1478 BugTraq ID: 92317 http://www.securityfocus.com/bid/92317 Cisco Security Advisory: 20160804 Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge http://www.securitytracker.com/id/1036541
Copyright	Copyright (C) 2016 Greenbone AG