CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS
Percentile
85.1%
Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker to reload a vulnerable device.
The vulnerabilities are due to improper handling of transit RSVP packets that need to be processed by the metadata infrastructure. An attacker could exploit these vulnerabilities by sending malformed RSVP packets to an affected device. A successful exploit could allow the attacker to cause an extended denial of service (DoS) condition.
Cisco has released software updates that address these vulnerabilities.
Workarounds that mitigate these vulnerabilities are not available.
This advisory is available at the following link:
Note: The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html[“http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html”]
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | ios | 15.2s | cpe:2.3:o:cisco:ios:15.2s:*:*:*:*:*:*:* |
cisco | ios | 15.3t | cpe:2.3:o:cisco:ios:15.3t:*:*:*:*:*:*:* |
cisco | ios | 15.2m | cpe:2.3:o:cisco:ios:15.2m:*:*:*:*:*:*:* |
cisco | ios | 15.0ex | cpe:2.3:o:cisco:ios:15.0ex:*:*:*:*:*:*:* |
cisco | ios | 15.2gc | cpe:2.3:o:cisco:ios:15.2gc:*:*:*:*:*:*:* |
cisco | ios | 15.1sy | cpe:2.3:o:cisco:ios:15.1sy:*:*:*:*:*:*:* |
cisco | ios | 15.3s | cpe:2.3:o:cisco:ios:15.3s:*:*:*:*:*:*:* |
cisco | ios | 15.3m | cpe:2.3:o:cisco:ios:15.3m:*:*:*:*:*:*:* |
cisco | ios | 15.2sc | cpe:2.3:o:cisco:ios:15.2sc:*:*:*:*:*:*:* |
cisco | ios | 15.2jaz | cpe:2.3:o:cisco:ios:15.2jaz:*:*:*:*:*:*:* |