Category:   Device (Intrusion Detection)  >   Cisco Intrusion Prevention System
Vendors:   Cisco
Cisco Intrusion Prevention System Packet Processing Flaws Let Remote Users Deny Service
SecurityTracker Alert ID:  1028806
SecurityTracker URL:  http://securitytracker.com/id/1028806
CVE Reference:   CVE-2013-1218, CVE-2013-1243, CVE-2013-3410, CVE-2013-3411
Date:  Jul 17 2013
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Several vulnerabilities were reported in Cisco Intrusion Prevention System. A remote user can cause denial of service conditions.

A remote user can send specially crafted packets to the management interface via IPv4 to cause the target MainApp process to become unresponsive, preventing alert notification, event store management, and sensor authentication and causing the Cisco IPS web server to be unavailable [CVE-2013-1243]. The vendor has assigned bug ID CSCtx18596 to this vulnerability.

A remote user can send specially crafted fragmented IP packets through a system to cause the Cisco IPS SSP software module Analysis Engine process on the target Cisco ASA 5500-X Series device to become unresponsive or reload [CVE-2013-1218]. Cisco IPS SSP hardware modules on the Cisco ASA5585-X Series are not affected. The vendor has assigned Cisco bug ID CSCue51272 to this vulnerability.

A remote user can send specially crafted IP packets via IPv4 to the management interface to cause the target system to reload [CVE-2013-3410]. Cisco IPS Software running on Cisco IPS NME is affected. The vendor has assigned bug ID CSCua61977 to this vulnerability.

A remote user can send specially crafted TCP packets (pre-handshake) to the management interface to trigger a flaw in the IDSM-2 drivers and cause the target system kernel to become unresponsive, preventing alert notification, event store management, sensor authentication, and traffic inspection and causing the Cisco IPS web server to be unavailable [CVE-2013-3411]. A hard reboot is required to return the system to normal operations. Cisco IPS Software running on Cisco IDSM-2 Module is affected. The vendor has assigned bug ID CSCuh27460 to this vulnerability.

Impact:   A remote user can cause the target system or interface to become unavailable or reload.
Solution:   The vendor has issued a fix, except for CVE-2013-3411. A patch matrix is available in the vendor's advisory.

No solution was available for CVE-2013-3411 at the time of this entry. However, the vendor has provided a workaround.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips
Cause:   Input validation error, State error

Message History:   None.


 Source Message Contents

Subject:  Cisco Security Advisory: Multiple Vulnerabilities in Cisco Intrusion Prevention System Software

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Multiple Vulnerabilities in Cisco Intrusion Prevention System Software

Advisory ID: cisco-sa-20130717-ips

Revision 1.0

For Public Release 2013 July 17 16:00  UTC (GMT)
+---------------------------------------------------------------------

Summary
=======

Cisco Intrusion Prevention System (IPS) Software is affected by the following vulnerabilities:

	Cisco IPS Software Malformed IP Packets Denial of Service Vulnerability
	Cisco IPS Software Fragmented Traffic Denial of Service Vulnerability
	Cisco IPS NME Malformed IP Packets Denial of Service Vulnerability
	Cisco IDSM-2 Malformed TCP Packets Denial of Service Vulnerability

The Cisco IPS Software Malformed IP Packets Denial of Service Vulnerability could allow an unauthenticated, remote attacker to cause the MainApp process to become unresponsive.

The Cisco IPS Software Fragmented Traffic Denial of Service Vulnerability could allow an unauthenticated, remote attacker to cause the Analysis Engine process to become unresponsive due to memory corruption or could cause the reload of the affected system. 

The Cisco IPS NME Malformed IP Packets Denial of Service Vulnerability could allow an unauthenticated, remote attacker to cause a reload of a Cisco Intrusion Prevention System Network Module Enhanced (IPS NME).

The Cisco IDSM-2 Malformed TCP Packets Denial of Service Vulnerability could allow an unauthenticated, remote attacker to cause the kernel of the Cisco Catalyst 6500 Series Intrusion Detection System (IDSM-2) Module to become unresponsive.

Successful exploitation of any of these vulnerabilities could result in a denial of service (DoS) condition.

Cisco has released free software updates that address all the vulnerabilities in this advisory with the exception of the Cisco IDSM-2 Malformed TCP Packets Denial of Service Vulnerability. Customers running a vulnerable version of the Cisco IDSM-2 Module should refer to the "Workarounds" section of this advisory for available mitigations. 

Workarounds that mitigate the Cisco IPS Software Fragmented Traffic Denial of Service Vulnerability and Cisco IDSM-2 Malformed TCP Packets Denial of Service Vulnerability are available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips