CVE-2017-3860 Cisco IOS和IOS XE软件energywise拒绝服务漏洞 (cisco-sa-20170419-energywise)

漏洞类别:Cisco

漏洞等级:

漏洞信息

Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition.
These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device.

漏洞危害

An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition.

解决方案

Refer to Cisco ASA advisory cisco-sa-20170419-energywise for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

cisco-sa-20170419-energywise: Cisco IOS

0day

发表评论