List: cisco-nsp
Subject: [c-nsp] Cisco Security Advisory: Cisco IOx Data in Motion Stack Overflow Vulnerability
From: psirt () cisco ! com
Date: 2017-03-22 16:15:55
Message-ID: 201703221615.8.iox
Cisco Security Advisory: Cisco IOx Data in Motion Stack Overflow Vulnerability
Advisory ID: cisco-sa-20170322-iox
Revision: 1.0
For Public Release: 2017 March 22 16:00 GMT
Last Updated: 2017 March 22 16:00 GMT
CVE ID(s): CVE-2017-3853
CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx
application environment could allow an unauthenticated, remote attacker to cause a
stack overflow that could allow remote code execution with root privileges in the
virtual instance running on an affected device.
The vulnerability is due to insufficient bounds checking in the DMo process. An
attacker could exploit this vulnerability by sending crafted packets that are
forwarded to the DMo process for evaluation. The impacts of a successful exploit are
limited to the scope of the virtual instance and do not impact the router that is
hosting Cisco IOx.
Cisco has released software updates that address this vulnerability. There are no
workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-iox