Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Cisco IOS
Опубликовано:2 апреля 2012 г.
Источник:
SecurityVulns ID:12298
Тип:удаленная
Уровень опасности:
7/10
Описание:Многочисленные DoS-условия.
Затронутые продукты:CISCO : IOS 12.2
 CISCO : IOS 15.0
 CISCO : IOS 15.1
 CISCO : IOS 15.2
 CISCO : IOS XE 3.3
 CISCO : IOS XE 3.2
 CISCO : IOS XE 3.4
 CISCO : IOS XE 3.5
CVE:CVE-2012-1314 (The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381.)
 CVE-2012-1312 (The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226.)
 CVE-2012-1311 (The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets, aka Bug ID CSCts80643.)
 CVE-2012-0386 (The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse SSH login attempt, aka Bug ID CSCtr49064.)
 CVE-2012-0385 (The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051.)
 CVE-2012-0383 (Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation vulnerability," aka Bug ID CSCti35326.)
 CVE-2012-0381 (The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) by sending IKE UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCts38429.)
Оригинальный текстdocumentCISCO, Cisco Security Advisory: Cisco IOS Software Reverse SSH Denial of Service Vulnerability (02.04.2012)
 documentCISCO, Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability (02.04.2012)
 documentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features (02.04.2012)
 documentCISCO, Cisco Security Advisory: Cisco IOS Internet Key Exchange Vulnerability (02.04.2012)
 documentCISCO, Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability (02.04.2012)
 documentCISCO, Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability (02.04.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород