SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco NX-OS Vendors:   Cisco
Cisco NX-OS TCP Packet Processing Flaw Lets Remote Users Cause the Target TCP Stack to Reload
SecurityTracker Alert ID:  1035159
SecurityTracker URL:  http://securitytracker.com/id/1035159
CVE Reference:   CVE-2015-0718   (Links to External Site)
Date:  Mar 2 2016
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco NX-OS. A remote user can cause the target TCP stack to reload.

A remote user can send a specially crafted TCP packet to a port on the target device via a TCP session that is in the TIME_WAIT state to cause the target TCP stack to reload.

Packets sent to the target device via IPv4 or IPv6 can trigger this flaw.

Packets sent via the unicast address on arbitrary interfaces on the device can trigger this flaw.

Traffic sent through the target device cannot trigger this vulnerability.

The following models are affected:

1000V Series
3000 Series
4000 Series
5000 Series
6000 Series
7000 Series

The vendor has assigned bug IDs CSCub70579, CSCue79544, CSCuo58749, CSCup97337, CSCup97345, and CSCup97366 to this vulnerability.

Impact:   A remote user can cause the target TCP stack to reload.
Solution:   The vendor has issued a fix.

A patch matrix is available in the vendor's advisory.

The vendor's advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack (Links to External Site)
Cause:   State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC