Cisco Security Advisory http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml en-us 1992-2010 Cisco Systems, Inc. All rights reserved. Cisco Security Advisory Cisco Systems, Inc. 15 Row Hammer Privilege Escalation Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150309-rowhammer?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Row%20Hammer%20Privilege%20Escalation%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Row Hammer Privilege Escalation Vulnerability" border='0' height='0' width='0'></img>On March 9, 2015, new research was published that takes advantage of a flaw in double data rate type 3 (DDR3) synchronous dynamic random-access memory (SDRAM) to perform privilege escalation attacks on systems that contain the affected hardware. The flaw is known as Row Hammer. To attempt an attack, the attacker must execute a malicious binary on an affected system.<br /> <br /> In addition, the research focused on consumer hardware that did not have a number of mitigations and memory protections that have been integrated into chipsets and memory modules used in Cisco server-class products. Of note in the paper is that the researchers were unable, in their testing, to exploit devices that use Error-Correcting Code (ECC) memory.<br /> <br /> Cisco offers a limited number of products that allow an unprivileged user to load and execute binaries.<br /> <br /> The research report is at the following link:<br /> <a href="http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html">http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html</a><br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150309-rowhammer">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150309-rowhammer</a> Mon, 30 Mar 2015 20:31:35 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150309-rowhammer GNU glibc gethostbyname Function Buffer Overflow Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=GNU%20glibc%20gethostbyname%20Function%20Buffer%20Overflow%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=GNU glibc gethostbyname Function Buffer Overflow Vulnerability" border='0' height='0' width='0'></img>On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This vulnerability is related to the various gethostbyname functions included in glibc and affects applications that call these functions. This vulnerability may allow an attacker to obtain sensitive information from an exploited system or, in some instances, perform remote code execution with the privileges of the application being exploited.<br /> <br /> The <em>glibc</em> library is a commonly used third-party software component that is released by the GNU software project and a number of Cisco products are likely affected.<br /> <br /> This advisory will be updated as additional information becomes available. Cisco will release free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost</a> Fri, 27 Mar 2015 19:59:34 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost Multiple Vulnerabilities in OpenSSL Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20Affecting%20Cisco%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. On June 5, 2014, the OpenSSL Project released a security advisory detailing seven distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:<br /> <ul> <li>SSL/TLS Man-in-the-Middle Vulnerability</li> <li>DTLS Recursion Flaw Vulnerability</li> <li>DTLS Invalid Fragment Vulnerability</li> <li>SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability</li> <li>SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability</li> <li>Anonymous ECDH Denial of Service Vulnerability</li> <li>ECDSA NONCE Side-Channel Recovery Attack Vulnerability</li> </ul> <br /> Please note that the devices that are affected by this vulnerability are the devices acting as a Secure Sockets Layer (SSL) or Datagram Transport Layer Security (DTLS) server terminating SSL or DTLS connections or devices acting as an SSL client initiating an SSL or DTLS connection. Devices that are simply traversed by SSL or DTLS traffic without terminating it are not affected.<br /> <br /> Cisco will release free software updates that address these vulnerabilities. <br /> <br /> Workarounds that mitigate these vulnerabilities may be available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl</a> Fri, 27 Mar 2015 19:50:23 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20and%20IOS%20XE%20Software%20mDNS%20Gateway%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to reload the vulnerable device.<br /> <br /> The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending malformed IP version 4 (IPv4) or IP version 6 (IPv6) packets on UDP port 5353. An exploit could allow the attacker to cause a denial of service (DoS) condition.<br /> <br /> Cisco has released free software updates that address this vulnerability. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> Thu, 26 Mar 2015 20:49:58 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20Virtual%20Routing%20and%20Forwarding%20ICMP%20Queue%20Wedge%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability" border='0' height='0' width='0'></img>A vulnerability within the virtual routing and forwarding (VRF) subsystem of Cisco IOS software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to a failure to properly process malicious ICMP version 4 (ICMPv4) messages received on a VRF-enabled interface. An attacker could exploit this vulnerability by submitting ICMPv4 messages designed to trigger the vulnerability on an affected device. When the ICMPv4 messages are processed, the packet queue of the affected interface may not be cleared, leading to a queue wedge. When a wedge occurs, the affected device will stop processing any additional packets received on the wedged interface.<br /> <br /> Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> Thu, 26 Mar 2015 19:21:37 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20(March%202015)%20Affecting%20Cisco%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory. On March 19, 2015, the OpenSSL Project released a security advisory detailing 13 distinct vulnerabilities. The following seven are actively under investigation and the vulnerabilities are referenced in this document as follows:<br /> <br /> <ul> <li>CVE-2015-0286: OpenSSL ASN1_TYPE_cmp Denial of Service Vulnerability</li> <li>CVE-2015-0287: OpenSSL ASN.1 Structure Reuse Memory Corruption Vulnerability</li> <li>CVE-2015-0289: OpenSSL PKCS7 NULL Pointer Dereference Denial of Service Vulnerability</li> <li>CVE-2015-0292: OpenSSL Base64 Decoding Memory Corruption Vulnerability</li> <li>CVE-2015-0293: OpenSSL SSLv2 CLIENT-MASTER-KEY Denial of Service Vulnerability&nbsp;</li> <li>CVE-2015-0209: OpenSSL Elliptic Curve d2i_ECPrivateKey Denial of Service Vulnerability</li> <li>CVE-2015-0288: OpenSSL X.509 to PKCS#10 Denial of Service Vulnerability</li> </ul> <br /> The following six vulnerabilities do not affect any Cisco products:<br /> <ul> <li>CVE-2015-0291: OpenSSL ClientHello sigalgs Denial of Service Vulnerability</li> <li>CVE-2015-0290: OpenSSL Multiblock Denial of Service Vulnerability&nbsp;</li> <li>CVE-2015-0207: OpenSSL DTLSv1_listen SSL Object Corruption Denial of Service Vulnerability</li> <li>CVE-2015-0208: OpenSSL Invalid Probabilistic Signature Scheme Parameters Denial of Service Vulnerability&nbsp;</li> <li>CVE-2015-1787: OpenSSL Empty ClientKeyExchange Denial of Service Vulnerability&nbsp;</li> <li>CVE-2015-0285: OpenSSL Handshake with Unseeded PRNG Predictable Value Vulnerability&nbsp;</li> </ul> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> Cisco will release free software updates that address these vulnerabilities.<br /> <br /> Workarounds that mitigate these vulnerabilities may be available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl</a> Thu, 26 Mar 2015 19:13:07 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20(January%202015)%20Affecting%20Cisco%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows: <ul> <li>CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability</li> <li>CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability</li> <li>CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability</li> <li>CVE-2014-3572: OpenSSL Elliptic Curve Cryptographic Downgrade Vulnerability</li> <li>CVE-2015-0204: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability</li> <li>CVE-2015-0205: OpenSSL Diffie-Hellman Certificate Validation Authentication Bypass Vulnerability</li> <li>CVE-2014-8275:&nbsp;OpenSSL Certificate Fingerprint Validation Vulnerability</li> <li>CVE-2014-3570: OpenSSL BN_sql Function Incorrect Mathematical Results Issue</li> </ul> This advisory will be updated as additional information becomes available.<br /> <br /> Cisco will release free software updates that address these vulnerabilities.<br /> <br /> Workarounds that mitigate these vulnerabilities may be available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl</a> Thu, 26 Mar 2015 14:49:48 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl Multiple Vulnerabilities in ntpd Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20ntpd%20Affecting%20Cisco%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in ntpd Affecting Cisco Products " border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the <em>ntpd </em>package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition.<br /> <br /> On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. These vulnerabilities are referenced in this document as follows: <br /> <ul> <li>CVE-2014-9293:&nbsp;Weak Default Key in config_auth()</li> <li>CVE-2014-9294:&nbsp;Noncryptographic Random Number Generator with Weak Seed Used by ntp-keygen to Generate Symmetric Keys</li> <li>CVE-2014-9295:&nbsp;Multiple Buffer Overflow Vulnerabilities in ntpd</li> <li>CVE-2014-9296:&nbsp;ntpd receive(): Missing Return on Error</li> </ul> <br /> On February 4, 2015, NTP.org and US-CERT released two additional vulnerabilities regarding improper validation of <em>vallen</em> in <em>ntp_crypto.c</em>&nbsp;and an IPv6 ::1 ACL bypass vulnerability. These vulnerabilities were added to their original advisory. For completeness, these vulnerabilities are referenced in this document as follows:<br /> <ul> <li>CVE-2014-9297:&nbsp;NTP ntp_crypto.c Improper Validation Vulnerability</li> <li>CVE-2014-9298:&nbsp;NTP IPv6 ACL Bypass Vulnerability</li> </ul> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> Cisco will release free software updates that address these vulnerabilities.<br /> <br /> Workarounds that mitigate these vulnerabilities are available. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd</a> Thu, 26 Mar 2015 14:28:50 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20and%20IOS%20XE%20Software%20Internet%20Key%20Exchange%20Version%202%20Denial%20of%20Service%20Vulnerabilities&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities" border='0' height='0' width='0'></img>Devices running Cisco IOS Software or IOS XE Software contain vulnerabilities within the Internet Key Exchange (IKE) version 2 subsystem that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerabilities are due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit these vulnerabilities by sending malformed IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause a reload of the affected device or excessive consumption of resources that would lead to a DoS condition. IKEv2 is automatically enabled on devices running Cisco IOS and Cisco IOS XE Software when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled. These vulnerabilities can only be triggered by sending malformed IKEv2 packets.<br /> <br /> There are no workarounds for the vulnerabilities described in this advisory. Cisco has released free software updates that address these vulnerabilities.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> Wed, 25 Mar 2015 21:38:14 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2 Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20and%20IOS%20XE%20Software%20TCP%20Packet%20Memory%20Leak%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the TCP input module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of the affected device.<br /> <br /> The vulnerability is due to improper handling of certain crafted packet sequences used in establishing a TCP three-way handshake. An attacker could exploit this vulnerability by sending a crafted sequence of TCP packets while establishing a three-way handshake. A successful exploit could allow the attacker to cause a memory leak and eventual reload of the affected device.<br /> <br /> There are no workarounds for this vulnerability.<br /> <br /> Cisco has released free software updates that address this vulnerability. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> Wed, 25 Mar 2015 21:32:29 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20IOS%20Software%20and%20IOS%20XE%20Software%20Autonomic%20Networking%20Infrastructure&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure" border='0' height='0' width='0'></img>The Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and IOS XE Software has multiple vulnerabilities which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or gain limited command and control of the device.<br /> <ul> <li>Autonomic Networking Registration Authority Spoofing Vulnerability</li> <li>Autonomic Networking Infrastructure Spoofed Autonomic Networking Messages Denial of Service Vulnerability</li> <li>Autonomic Networking Infrastructure Device Reload Denial of Service Vulnerability</li> </ul> Cisco has released free software updates that address these vulnerabilities.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> Wed, 25 Mar 2015 21:21:35 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20IOS%20Software%20Common%20Industrial%20Protocol&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol" border='0' height='0' width='0'></img>The Cisco IOS Software implementation of the Common Industrial Protocol (CIP) feature contains the following vulnerabilities when processing crafted CIP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition:<br /> <ul> <li>Cisco IOS Software UDP CIP Denial of Service Vulnerability</li> <li>Cisco IOS Software TCP CIP Packet Memory Leak Vulnerability</li> <li>Cisco IOS Software TCP CIP Denial of Service Vulnerability</li> </ul> <br /> These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.<br /> <br /> Successful exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to cause a reload of the forwarding plane, resulting in an interruption of services on an affected device. Repeated exploitation could result in a sustained DoS condition.<br /> <br /> Additionally, successful exploitation of Cisco IOS Software TCP CIP Packet Memory Leak Vulnerability could allow an unauthenticated, remote attacker to cause a memory leak on an affected device.<br /> <br /> Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> Wed, 25 Mar 2015 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip