Cisco IOS Software IPS and Zone Based Firewall Vulnerabilities

2011-09-28T16:00:00
ID CISCO-SA-20110928-ZBFW
Type cisco
Reporter Cisco
Modified 2011-09-30T23:00:00

Description

Cisco IOS Software contains two vulnerabilities related to Cisco IOS Intrusion Prevention System (IPS) and Cisco IOS Zone-Based Firewall features. These vulnerabilities are:

Memory leak in Cisco IOS Software

Cisco IOS Software Denial of Service when processing specially crafted HTTP packets

Cisco has released software updates that address these vulnerabilities.

Workarounds that mitigate these vulnerabilities are not available.

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-zbfw.

Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication.

Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html

Devices with affected configurations may hang or crash when processing specially crafted HTTP packets.

Devices with affected configurations may experience a memory leak when new session creation flows pass through the device at a high rate.