CiscoCISCO-SA-20151012-ASRCisco ASR 5000 and ASR 5500 TACACS Denial of Service Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
48.6%
A vulnerability in the TACACS protocol implementation of the Cisco Aggregation Services Router (ASR) 5000 and ASR 5500 (ASR5K) System Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition because the vpnmgr process restarts.
The vulnerability is due to improper input validation of the TACACS packet header. An attacker could exploit this vulnerability by sending a crafted TACACS packet to the device. An exploit could allow the attacker to cause a partial DoS condition because the vpnmgr process could restart when parsing the crafted TACACS packet.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | asr_5000_series_software | any | cpe:2.3:a:cisco:asr_5000_series_software:any:*:*:*:*:*:*:* |
| cisco | asr_9904 | 5000_series_software | cpe:2.3:h:cisco:asr_9904:5000_series_software:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
48.6%