Cisco Security Advisory http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml en-us 1992-2010 Cisco Systems, Inc. All rights reserved. Security Advisories Cisco Systems, Inc. 15 GNU Bash Environment Variable Command Injection Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=GNU%20Bash%20Environment%20Variable%20Command%20Injection%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=GNU Bash Environment Variable Command Injection Vulnerability" border='0' height='0' width='0'></img><p class="line874" style="text-align: left;">On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed though environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is invoked. The Bash shell may be invoked by a number of processes including, but not limited to, telnet, SSH, DHCP, and scripts hosted on web servers.</p> All versions of GNU Bash starting with version 1.14 are affected by this vulnerability and the specific impact is determined by the characteristics of the process using the Bash shell. In the worst case, an unauthenticated remote attacker would be able to execute commands on an affected server. However, in most cases involving Cisco products, authentication is required before exploitation could be attempted.<br /> <br /> A number of Cisco products ship with or use an affected version of the Bash shell. The Bash shell is a third-party software component that is part of the GNU software project and used by a number of software vendors. As of this version of the Security Advisory, there have been a number of vulnerabilities recently discovered in the Bash shell, and the investigation is ongoing. This advisory will be updated as additional information becomes available. Cisco may release free software updates that address this vulnerability if a product is determined to be affected by this vulnerability. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash</a> Tue, 30 Sep 2014 20:57:43 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash Cisco IOS Software RSVP Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20RSVP%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software RSVP Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker cause the device to reload. This vulnerability could be exploited repeatedly to cause an extended denial of service (DoS) condition.<br /> <br /> Cisco has released free software updates that address this vulnerability.<br /> <br /> A workaround that mitigates this vulnerability is available.<br /> <br /> This advisory is available at the following link: <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html</a></p> </span> Fri, 26 Sep 2014 19:15:33 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20DHCP%20Version%206%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper parsing of malformed DHCPv6 packets. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to be processed by an affected device. An exploit could allow the attacker to cause a memory leak and eventual reload of an affected device.<br /> <br /> Cisco has released free software updates that address this vulnerability. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html</a></p> </span> Wed, 24 Sep 2014 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20Session%20Initiation%20Protocol%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability, affected devices must be configured to process SIP messages.<br /> <br /> Cisco has released free software updates that address this vulnerability. <br /> <br /> There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html</a></p> </span> Wed, 24 Sep 2014 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip Cisco IOS Software Network Address Translation Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20Network%20Address%20Translation%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software Network Address Translation Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Network Address Translation (NAT) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper translation of IP version 4 (IPv4) packets.<br /> <br /> Cisco has released free software updates that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tvce.cisco.com/security/AIMS/http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html</a></p> </span> Wed, 24 Sep 2014 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat Cisco IOS Software Metadata Vulnerabilities http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20Metadata%20Vulnerabilities&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software Metadata Vulnerabilities" border='0' height='0' width='0'></img>Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker to reload a vulnerable device.<br /> <br /> The vulnerabilities are due to improper handling of transit RSVP packets that need to be processed by the metadata infrastructure. An attacker could exploit these vulnerabilities by sending malformed RSVP packets to an affected device. A successful exploit could allow the attacker to cause an extended denial of service (DoS) condition.<br /> <br /> Cisco has released free software updates that address these vulnerabilities.<br /> <br /> Workarounds that mitigate these vulnerabilities are not available. <br /> <br /> This advisory is available at the following link: <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html</a></p> </span> Wed, 24 Sep 2014 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20IOS%20Software%20Multicast%20Domain%20Name%20System&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System" border='0' height='0' width='0'></img>The Cisco IOS Software implementation of the multicast Domain Name System (mDNS) feature contains the following vulnerabilities when processing mDNS packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition: <ul> <li>Cisco IOS Software mDNS Gateway Memory Leak Vulnerability</li> <li>Cisco IOS Software mDNS Gateway Denial of Service Vulnerability</li> </ul> Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html</a></p> </span> Wed, 24 Sep 2014 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Computing%20System%20E-Series%20Blade%20Servers%20Cisco%20Integrated%20Management%20Controller%20SSH%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability" border='0' height='0' width='0'></img><p>A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition.<br /> <br /> The vulnerability is due to a failure to properly handle a crafted SSH packet. An attacker could exploit this vulnerability by sending a crafted packet to the SSH server running on the Cisco IMC of an affected device, which could result in the Cisco IMC becoming unresponsive. The operating system running on the blade will be unaffected.</p> Cisco has released free software updates that address this vulnerability<br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse</a> Mon, 08 Sep 2014 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Apache%20Struts%202%20Command%20Execution%20Vulnerability%20in%20Multiple%20Cisco%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products" border='0' height='0' width='0'></img>Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remote command execution vulnerability identified by Apache with Common Vulnerabilities and Exposures ID CVE-2010-1870. <br /> <br /> The vulnerability is due to insufficient sanitization on user-supplied input in the XWorks component of the affected software. The component uses the <em>ParameterInterceptors</em> directive to parse the Object-Graph Navigation Language (OGNL) expressions that are implemented via a whitelist feature. An attacker could exploit this vulnerability by sending crafted requests that contain OGNL expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. <br /> <br /> Cisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000 Series. Customers using Cisco Business Edition 3000 Series should contact their Cisco representative for available options.<br /> <br /> Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2</a> Wed, 27 Aug 2014 19:31:48 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2 Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140806-energywise?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20and%20Cisco%20IOS%20XE%20Software%20EnergyWise%20Crafted%20Packet%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device.<br /> <br /> The vulnerability is due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted EnergyWise packet to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device.<br /><br /> Cisco has released free software updates that address this vulnerability. <br /> <br /> There are no workarounds for this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140806-energywise">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140806-energywise</a> Wed, 20 Aug 2014 20:35:19 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140806-energywise Multiple Vulnerabilities in OpenSSL Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20Affecting%20Cisco%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. On June 5, 2014, the OpenSSL Project released a security advisory detailing seven distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:<br /> <ul> <li>SSL/TLS Man-in-the-Middle Vulnerability</li> <li>DTLS Recursion Flaw Vulnerability</li> <li>DTLS Invalid Fragment Vulnerability</li> <li>SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability</li> <li>SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability</li> <li>Anonymous ECDH Denial of Service Vulnerability</li> <li>ECDSA NONCE Side-Channel Recovery Attack Vulnerability</li> </ul> <p> Please note that the devices that are affected by this vulnerability are the devices acting as a Secure Sockets Layer (SSL) or Datagram Transport Layer Security (DTLS) server terminating SSL or DTLS connections or devices acting as an SSL client initiating an SSL or DTLS connection. Devices that are simply traversed by SSL or DTLS traffic without terminating it are not affected.&nbsp;</p> This advisory will be updated as additional information becomes available.<br /> Cisco will release free software updates that address these vulnerabilities. <br /> Workarounds that mitigate these vulnerabilities may be available.&nbsp;<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl</a> Wed, 06 Aug 2014 21:05:23 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl OSPF LSA Manipulation Vulnerability in Multiple Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=OSPF%20LSA%20Manipulation%20Vulnerability%20in%20Multiple%20Cisco%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=OSPF LSA Manipulation Vulnerability in Multiple Cisco Products" border='0' height='0' width='0'></img>Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic.<br /> <br /> The attacker could trigger this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause flushing of the routing table on a targeted router, as well as propagation of the crafted OSPF LSA type 1 update throughout the OSPF AS domain.<br /> <br /> To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast LSA type 1 packets. No other LSA type packets can trigger this vulnerability.<br /> <br /> OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is not affected by this vulnerability.<br /> <br /> Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf</a> Thu, 31 Jul 2014 21:23:09 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf