Multiple vulnerabilities in Cisco IOS

Multiple vulnerabilities in Cisco IOS

Secunia แจ้งเตือนช่องโหว่ที่พบใน Cisco IOS จำนวน 5 ช่องโหว่ด้วยกัน โดยพบว่าสามารถถูก exploit ส่งผลให้สามารถ bypass ข้อจำกัดของความปลอดภัย และสามารถถูกโจมตีแบบ DoS ได้ โดยทาง Cisco ได้ออกแพชท์สำหรับ Cisco IOS version 15.0(1)XA5 เพื่อแก้ไขเรียบร้อยแล้ว

Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS, according to Secunia.

1. An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload.

2. An error in the CME (Communication Manager Express) component when handling a SNR number change menu from an extension mobility phone can be exploited to crash the device.

3. A memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet.

4. An error in the PKI implementation does not clear the public key cache for the peers when the certificate map is changed. This can be exploited to reconnect and bypass the certificate ban.

5. A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets.

As a solution, update to Cisco IOS version 15.0(1)XA5.

ที่มา : net-security

Add a Comment

Your email address will not be published. Required fields are marked *