SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Cisco Unified Computing System Vendors:   Cisco
Cisco Unified Computing System TCP Packet Processing Flaw on NX-OS Lets Remote Users Cause the Target TCP Stack to Reload
SecurityTracker Alert ID:  1035160
SecurityTracker URL:  http://securitytracker.com/id/1035160
CVE Reference:   CVE-2015-0718   (Links to External Site)
Date:  Mar 2 2016
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco Unified Computing System. A remote user can cause the target TCP stack to reload.

A remote user can send a specially crafted TCP packet to a port on the target device via a TCP session that is in the TIME_WAIT state to cause the target TCP stack to reload.

Packets sent to the target device via IPv4 or IPv6 can trigger this flaw.

Packets sent via the unicast address on arbitrary interfaces on the device can trigger this flaw.

Traffic sent through the target device cannot trigger this vulnerability.

Cisco Unified Computing System (UCS) devices running NX-OS are affected.

The vendor has assigned bug IDs CSCub70579, CSCue79544, CSCuo58749, CSCup97337, CSCup97345, and CSCup97366 to this vulnerability.

Impact:   A remote user can cause the target TCP stack to reload.
Solution:   The vendor has issued a fix.

A patch matrix is available in the vendor's advisory.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack (Links to External Site)
Cause:   State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC