Cisco ASR 1000 Series Routers Fragmented Packet Processing Flaw Lets Remote Users Cause the Target System to Crash
|
SecurityTracker Alert ID: 1033131 |
SecurityTracker URL: http://securitytracker.com/id/1033131
|
CVE Reference:
CVE-2015-4291
(Links to External Site)
|
Date: Jul 30 2015
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2.1.x - 2.5.x
|
Description:
A vulnerability was reported in Cisco ASR 1000 series routers. A remote user can cause the target device to reload.
A remote user can send a specially crafted sequence of IPv4 or IPv6 packets to the target IOS-XE ASR 1000 series device to cause the target Embedded Services Processor (ESP) to crash. As a result, the target device will reload.
The vendor has assigned bug ID CSCtd72617 to this vulnerability.
|
Impact:
A remote user can cause the target device to reload.
|
Solution:
The vendor has issued a fix (2.4.3, 2.5.1).
The vendor's advisory is available at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k
|
Vendor URL: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k (Links to External Site)
|
Cause:
State error
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|