SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco IOS Vendors:   Cisco
Cisco IOS XR Packet Processing Flaws Let Remote and Remote Authenticated Users Deny Service
SecurityTracker Alert ID:  1030878
SecurityTracker URL:  http://securitytracker.com/id/1030878
CVE Reference:   CVE-2014-3376, CVE-2014-3377, CVE-2014-3378, CVE-2014-3379   (Links to External Site)
Date:  Sep 19 2014
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Several vulnerabilities were reported in Cisco IOS XR. A remote user can cause denial of service conditions. A remote authenticated user can cause denial of service conditions.

A remote user can send a specially crafted RSVP packet to cause the target RSVP process to reload [CVE-2014-3376]. The vendor has assigned bug ID CSCuq12031 to this vulnerability.

A remote authenticated user can send a specially crafted SNMPv2 packet to cause the target snmpd process to reload [CVE-2014-3377]. The vendor has assigned bug ID CSCun67791 to this vulnerability.

A remote user can send a specially crafted TACACS+ packet to cause the target TACACS+ process to reload [CVE-2014-3378]. The vendor has assigned bug ID CSCum00468 to this vulnerability.

A remote user on the local network can send a specially crafted MPLS packet to the target Cisco Network Convergence System 6000 Series Router to cause a network processor unit and line card to lockup and reload [CVE-2014-3379]. The vendor has assigned bug ID CSCuq10466 to this vulnerability.

Impact:   A remote or remote authenticated user can cause the target process to reload.
Solution:   The vendor has issued a fix.

The vendor's advisories are available at:

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3376
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3377
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3378
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3379

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3376 (Links to External Site)
Cause:   Input validation error, State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC