Cisco Security Advisories

Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability Affecting Cisco Products: August 2018

Tue, 2018-11-06 16:17

On August 14, 2018, the Vulnerability Coordination team of the National Cyber Security Centre of Finland (NCSC-FI) and the CERT Coordination Center (CERT/CC) disclosed a vulnerability in the IP stack that is used by the Linux Kernel. This vulnerability is publicly known as FragmentSmack.

The vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. An attack could be executed by an attacker who can submit a stream of fragmented IPv4 or IPv6 packets that are designed to trigger the issue on an affected device.

The vulnerability is due to inefficient IPv4 and IPv6 fragment reassembly algorithms in the IP stack that is used by the affected kernel. Linux Kernel Versions 3.9 and later are known to be affected by this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-ip-fragment


Security Impact Rating: High
CVE: CVE-2018-5391
Categories: Security Alerts

Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018

Tue, 2018-11-06 16:09

On August 6, 2018, the Vulnerability Coordination team of the National Cyber Security Centre of Finland (NCSC-FI) and the CERT Coordination Center (CERT/CC) disclosed vulnerabilities in the TCP stacks that are used by the Linux and FreeBSD kernels. These vulnerabilities are publicly known as SegmentSmack.

The vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. An attack could be executed by using low transfer rates of TCP packets, unlike typical distributed denial of service (DDoS) attacks.

The vulnerabilities are due to inefficient TCP reassembly algorithms in the TCP stacks that are used by the affected kernels. Linux Kernel Versions 4.9 and later and all supported versions of the FreeBSD kernel are known to be affected by these vulnerabilities.

An attacker could exploit these vulnerabilities by sending a stream of packets that are designed to trigger the issue in an established TCP session with an affected device. A sustained DoS condition requires the attacker to maintain a continuous stream of malicious traffic. Due to the required use of an established session, an attack cannot be performed using spoofed IP addresses.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp


Security Impact Rating: High
CVE: CVE-2018-5390,CVE-2018-6922
Categories: Security Alerts

Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability

Fri, 2018-11-02 21:16

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly.

The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxossnmp

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection.


Security Impact Rating: High
CVE: CVE-2018-0291
Categories: Security Alerts

Texas Instruments Bluetooth Low Energy Denial of Service and Remote Code Execution Vulnerability

Thu, 2018-11-01 13:00
On November 1st, 2018, Armis announced the presence of a Remote Code Execution (RCE) or Denial of Service (DoS) vulnerability in the Bluetooth Low Energy (BLE) Stack on Texas Instruments (TI) chips CC2640 and CC2650. This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID of CVE-2018-16986.

The vulnerability is due to a memory corruption condition that may occur when processing malformed BLE frames. An attacker in close proximity to an affected device that is actively scanning could exploit the issue by broadcasting malformed BLE frames. A successful exploit may result in the attacker gaining the ability to execute arbitrary code or cause a denial of service condition on an affected device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap


Security Impact Rating: High
CVE: CVE-2018-16986
Categories: Security Alerts

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability

Wed, 2018-10-31 17:30
A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device.

Software updates that address this vulnerability are not yet available. There are no workarounds that address this vulnerability. Mitigation options that address this vulnerability are available.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos


Security Impact Rating: High
CVE: CVE-2018-15454
Categories: Security Alerts

Pages