Advisory ID: cisco-sa-20150730-asr1k
Revision 1.0
For Public Release 2015 July 30 16:00 UTC (GMT)
+-----------------------------
Summary
=======
A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6) packets of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a crash of the Embedded Services Processor (ESP) processing the packet.
The vulnerability is due to improper processing of crafted, fragmented packets. An attacker could exploit this vulnerability by sending a crafted sequence of fragmented packets. An exploit could allow the attacker to cause a reload of the affected platform.
Cisco has released software updates that address this vulnerability.
There are no workarounds to mitigate this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/
Komentarų nėra:
Rašyti komentarą