Cisco IOS Intrusion Prevention System Multiple Vulnerabilities

Bugtraq ID:	22549
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-0918 CVE-2007-0917
Remote:	Yes
Local:	No
Published:	Feb 13 2007 12:00AM
Updated:	Jul 06 2016 02:40PM
Credit:	These issues were disclosed by the vendor and an unnamed Cisco customer.
Vulnerable:	Cisco IOS 12.4XE Cisco IOS 12.4XB Cisco IOS 12.4XA Cisco IOS 12.4T Cisco IOS 12.4MR Cisco IOS 12.4 Cisco IOS 12.3YZ Cisco IOS 12.3YX Cisco IOS 12.3YT Cisco IOS 12.3YS Cisco IOS 12.3YQ Cisco IOS 12.3YM Cisco IOS 12.3YK Cisco IOS 12.3YJ Cisco IOS 12.3YI Cisco IOS 12.3YH Cisco IOS 12.3YG Cisco IOS 12.3YD Cisco IOS 12.3YA Cisco IOS 12.3XY Cisco IOS 12.3XX Cisco IOS 12.3XW Cisco IOS 12.3XS Cisco IOS 12.3XR Cisco IOS 12.3XQ Cisco IOS 12.3T Cisco IOS 12.3(9)T Cisco IOS 12.3(8)T Cisco IOS 12.3(6)T Cisco IOS 12.3(5)T Cisco IOS 12.3(3)T Cisco IOS 12.3(14)T Cisco IOS 12.3(13)T Cisco IOS 12.3(12)T Cisco IOS 12.3(11)T Cisco IOS 12.3(10)T Cisco IOS 12.3(1)T
Not Vulnerable:

Cisco IOS Intrusion Prevention System Multiple Vulnerabilities

Cisco IOS is prone to a security-bypass vulnerability and a denial-of-service vulnerability.

An attacker could exploit the security-bypass issue to send malicious data to computers that would otherwise be protected by signature inspection.

An attacker could exploit the denial-of-service vulnerability to crash affected devices, denying service to legitimate users.

Cisco IOS Intrusion Prevention System Multiple Vulnerabilities

Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Cisco IOS Intrusion Prevention System Multiple Vulnerabilities

Solution:
The vendor has released fixes to address these issues. Please see the referenced advisory for information on how to obtain and apply these fixes.

Cisco IOS Intrusion Prevention System Multiple Vulnerabilities

References:

• Cisco IOS Homepage (Cisco Systems)
  
• Cisco Security Advisory: Multiple IOS IPS Vulnerabilities (Cisco Systems PSIRT)
  
• Cisco Security Advisory: Multiple IOS IPS Vulnerabilities (Cisco)