nanog mailing list archives

Cisco Security Advisory: Cisco IOS Software Metadata Vulnerabilities

From: Cisco Systems Product Security Incident Response Team <psirt () cisco com>
Date: Wed, 24 Sep 2014 12:23:47 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco IOS Software Metadata Vulnerabilities

Advisory ID: cisco-sa-20140924-metadata

Revision 1.0

For Public Release 2014 September 24 16:00  UTC (GMT)

Summary
+======

Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker 
to reload a vulnerable device.

The vulnerabilities are due to improper handling of transit RSVP packets that need to be processed by the metadata 
infrastructure. An attacker could exploit these vulnerabilities by sending malformed RSVP packets to an affected 
device. A successful exploit could allow the attacker to cause an extended denial of service (DoS) condition.

Cisco has released free software updates that address these vulnerabilities.

Workarounds that mitigate these vulnerabilities are not available. 

This advisory is available at the following link: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata

Note: The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security 
Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in Cisco 
Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html



-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJUIZNfAAoJEIpI1I6i1Mx3SpwP/jfNLKisT8kvgV2iMhFr0Z2w
1oOqnYmG1WWNh/yXh+uKIPeHUDSYjsW1ntAP/vnuw1Op2UDPMl1fTWe4AWo8huOf
R2cq3dCBZRfKmlhfJAGuqaramkAITwLPNsODwIHZUwXYQPrHnlZB7c/Ry8dkE+d5
ATGeGFS9nDnboAKyRFyusLarQ95X+Yukpq/BmGLXd+neuC+tz4x1PCBvQJdeqaMx
Fg2r94dg0mhzwYJ/HBLVUk4OJRYhJxUeJw7zqrB9GGZnYry+ll8qY9pSbMVpI1Yy
523Okpes5zJ1KNR+uceABj1SSpe0n+LAfqj8ekkzrZz7CQGONYEd39PSor73zKBE
1SmyUVj75hoH3rx45SQLgArvfUXkJZLeSgnstWU7DCIlD5OjxMbazq8nlU9cmD5q
gXKtPLZI8/xREwUjmmowv3ykSscxW7x0EBL/NCG+JcXmTGS26gf8SGsVfkDYIkuo
iLxrgkiuvXtq+SGLdmRnfC7Ts2m/5E1AJHW7V64yZ+tNLW4XM5cMjMtDZXTQdQHN
sQvPe8E4sFFpcSn2vi0Y5weBItr3p+QGDF5HxojPr1NLZz8bHUBWJ6kjYvDynM3C
yGXTgEI7g8vmzcfeBTZCa3Us/qDb+0DZFzt15TpUbZmcuVjcoSo3myp1+XzP7ky2
xC9OlRnpvnRWrSnAXcLe
=E9az
-----END PGP SIGNATURE-----

Current thread:

Cisco Security Advisory: Cisco IOS Software Metadata Vulnerabilities Cisco Systems Product Security Incident Response Team (Sep 24)