Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability
BID:10186
Info
Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability
| Bugtraq ID: | 10186 |
| Class: | Design Error |
| CVE: |
CVE-2004-0714 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 20 2004 12:00AM |
| Updated: | Mar 19 2015 08:23AM |
| Credit: | This issue was disclosed in the referenced vendor advisory. |
| Vulnerable: |
Cisco ONS 15454E Optical Transport Platform 0 Cisco ONS 15454 Optical Transport Platform 4.1 (3) Cisco ONS 15454 Optical Transport Platform 4.1 (2) Cisco ONS 15454 Optical Transport Platform 4.1 (1) Cisco ONS 15454 Optical Transport Platform 4.1 (0) Cisco ONS 15454 Optical Transport Platform 4.1 Cisco ONS 15454 Optical Transport Platform 4.0 (2) Cisco ONS 15454 Optical Transport Platform 4.0 (1) Cisco ONS 15454 Optical Transport Platform 4.0 Cisco ONS 15454 Optical Transport Platform 3.4 Cisco ONS 15454 Optical Transport Platform 3.3 Cisco ONS 15454 Optical Transport Platform 3.2 .0 Cisco ONS 15454 Optical Transport Platform 3.1 .0 Cisco ONS 15454 Optical Transport Platform 3.0 Cisco IOS 12.3XQ Cisco IOS 12.3XK Cisco IOS 12.3XH Cisco IOS 12.3XG Cisco IOS 12.3XF Cisco IOS 12.3XE Cisco IOS 12.3XD Cisco IOS 12.3XC Cisco IOS 12.3T Cisco IOS 12.3B Cisco IOS 12.3(6) Cisco IOS 12.3(5b) Cisco IOS 12.3(5a)b Cisco IOS 12.3(5a) Cisco IOS 12.3(5) Cisco IOS 12.3(4)XD1 Cisco IOS 12.3(4)XD Cisco IOS 12.3(4)T3 Cisco IOS 12.3(4)T2 Cisco IOS 12.3(4)T1 Cisco IOS 12.3(4)T Cisco IOS 12.3(2)XC2 Cisco IOS 12.3(2)XC1 Cisco IOS 12.3(2)T3 Cisco IOS 12.3 Cisco IOS 12.2ZQ Cisco IOS 12.2SW Cisco IOS 12.2S Cisco IOS 12.2(23) Cisco IOS 12.2(21a) Cisco IOS 12.2(21) Cisco IOS 12.2(20)S1 Cisco IOS 12.2(20)S Cisco IOS 12.2(12h) Cisco IOS 12.2(12g) Cisco IOS 12.2 Cisco IOS 12.1EW Cisco IOS 12.1EU Cisco IOS 12.1EO Cisco IOS 12.1EC Cisco IOS 12.1EB Cisco IOS 12.1EA Cisco IOS 12.1E Cisco IOS 12.1(20)EW1 Cisco IOS 12.1(20)EW Cisco IOS 12.1(20)EO Cisco IOS 12.1(20)EC1 Cisco IOS 12.1(20)EC Cisco IOS 12.1(20)EA1 Cisco IOS 12.1(20)E2 Cisco IOS 12.1(20)E1 Cisco IOS 12.1(20)E Cisco IOS 12.0SV Cisco IOS 12.0S Cisco IOS 12.0(27)SV1 Cisco IOS 12.0(27)SV Cisco IOS 12.0(27)S Cisco IOS 12.0(26)S1 Cisco IOS 12.0(24)S5 Cisco IOS 12.0(24)S4 Cisco IOS 12.0(23)S5 Cisco IOS 12.0(23)S4 |
| Not Vulnerable: |
Cisco IOS 12.3(9) Cisco IOS 12.3(7.7) Cisco IOS 12.3(7)T Cisco IOS 12.3(6a) Cisco IOS 12.3(5c) Cisco IOS 12.3(5)B1 Cisco IOS 12.3(4)XQ Cisco IOS 12.3(4)XK Cisco IOS 12.3(4)XH Cisco IOS 12.3(4)XG1 Cisco IOS 12.3(4)XD2 Cisco IOS 12.3(4)T4 Cisco IOS 12.3(4)EO1 Cisco IOS 12.3(2)XC3 Cisco IOS 12.2(24) Cisco IOS 12.2(23a) Cisco IOS 12.2(23.6) Cisco IOS 12.2(23)SW Cisco IOS 12.2(22)S Cisco IOS 12.2(21b) Cisco IOS 12.2(20)S2 Cisco IOS 12.2(12i) Cisco IOS 12.1(22)EB Cisco IOS 12.1(22)E1 Cisco IOS 12.1(20)EW2 Cisco IOS 12.1(20)EO1 Cisco IOS 12.1(20)EC2 Cisco IOS 12.1(20)EA1a Cisco IOS 12.1(20)E3 Cisco IOS 12.0(27)SV2 Cisco IOS 12.0(27)S1 Cisco IOS 12.0(26)S2 Cisco IOS 12.0(24)S6 Cisco IOS 12.0(23)S6 |
Discussion
Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability
It has been reported that the Cisco Internet Operating System (IOS) is affected by a remote SNMP message processing denial of service vulnerability. This is caused by a design error that causes memory corruption in the affected system under certain circumstances.
This issue may be leveraged to cause a denial of service condition in the affected device. The denial of service is due to a corruption of memory in the affected device. As a result, there may be other consequences, such as code execution. This has not been confirmed by Cisco.
It has been reported that the Cisco Internet Operating System (IOS) is affected by a remote SNMP message processing denial of service vulnerability. This is caused by a design error that causes memory corruption in the affected system under certain circumstances.
This issue may be leveraged to cause a denial of service condition in the affected device. The denial of service is due to a corruption of memory in the affected device. As a result, there may be other consequences, such as code execution. This has not been confirmed by Cisco.
Exploit / POC
Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability
Solution:
Cisco has released an advisory dealing with this issue. Please see the referenced advisory for more information and details on obtaining fixes.
Cisco has released an update to their initial advisory. The update has expanded on the affected products section (added the Catalyst and Optical products - 12.1(20)EO) as well as the software versions and fixes section; updates for the newly reported vulnerable products will be available on April 27th.
Cisco has also released further revisions to their initial advisory. In particular, Cisco has provided details about vulnerable IOS 12.1EB, 12.1EO, 12.1EU, 12.2SW, 12.2ZQ, 12.2XE, 12.2XF releases and fix information. Please see the most recent revision (1.3) for further information.
Cisco have released revision 1.4 of their advisory to instruct users of Cisco IOS 12.3XC to migrate to the pending 12.3(8)T release.
Cisco have released revision 1.5 of their advisory, detailing software fix availability information for 12.0S, 12.1EB, 12.2, 12.2S, 12.2SW, 12.3, 12.3T, 12.3XH, 12.3XK, and 12.3XQ.
Solution:
Cisco has released an advisory dealing with this issue. Please see the referenced advisory for more information and details on obtaining fixes.
Cisco has released an update to their initial advisory. The update has expanded on the affected products section (added the Catalyst and Optical products - 12.1(20)EO) as well as the software versions and fixes section; updates for the newly reported vulnerable products will be available on April 27th.
Cisco has also released further revisions to their initial advisory. In particular, Cisco has provided details about vulnerable IOS 12.1EB, 12.1EO, 12.1EU, 12.2SW, 12.2ZQ, 12.2XE, 12.2XF releases and fix information. Please see the most recent revision (1.3) for further information.
Cisco have released revision 1.4 of their advisory to instruct users of Cisco IOS 12.3XC to migrate to the pending 12.3(8)T release.
Cisco have released revision 1.5 of their advisory, detailing software fix availability information for 12.0S, 12.1EB, 12.2, 12.2S, 12.2SW, 12.3, 12.3T, 12.3XH, 12.3XK, and 12.3XQ.
References
Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability
References:
References: