Lucene search

CiscoCISCO-SA-20160928-CIP

HistorySep 28, 2016 - 4:00 p.m.

Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability

2016-09-2816:00:00

tools.cisco.com

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.006 Low

EPSS

Percentile

77.8%

JSON

A vulnerability in the Common Industrial Protocol (CIP) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition.

The vulnerability is due to a failure to properly process an unusual, but valid, set of requests to an affected device. An attacker could exploit this vulnerability by submitting a CIP message request designed to trigger the vulnerability to an affected device. An exploit could cause the switch to stop processing traffic, requiring a restart of the device to regain functionality.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip”]

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication[“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-56513”].

Affected configurations

Vulners

Node

ciscoiosMatch12.2se

ciscoiosMatch12.2ex

ciscoiosMatch15.0ey

ciscoiosMatch15.0se

ciscoiosMatch15.0sg

ciscoiosMatch15.0ex

ciscoiosMatch15.0ea

ciscoiosMatch15.2e

ciscoiosMatch15.2ey

ciscoiosMatch15.2jaz

ciscoiosMatch15.2ea

ciscoiosMatch15.3jn

ciscoiosMatch15.3ja

ciscoiosMatch15.3jaa

ciscoiosMatch15.3jab

ciscoiosMatch15.3jb

ciscoiosMatch15.3jnb

ciscoiosMatch15.3jax

ciscoiosMatch15.3jbb

ciscoiosMatch15.3jc

ciscoiosMatch15.3jnc

ciscoiosMatch15.3jnp

ciscoiosMatch15.3jpi

ciscoiosMatch12.2\(55\)se

ciscoiosMatch12.2\(46\)se2

ciscoiosMatch12.2\(50\)se2

ciscoiosMatch12.2\(50\)se1

ciscoiosMatch12.2\(50\)se5

ciscoiosMatch12.2\(55\)se3

ciscoiosMatch12.2\(52\)se

ciscoiosMatch12.2\(58\)se

ciscoiosMatch12.2\(50\)se3

ciscoiosMatch12.2\(52\)se1

ciscoiosMatch12.2\(46\)se1

ciscoiosMatch12.2\(50\)se4

ciscoiosMatch12.2\(50\)se

ciscoiosMatch12.2\(58\)se1

ciscoiosMatch12.2\(55\)se4

ciscoiosMatch12.2\(58\)se2

ciscoiosMatch12.2\(55\)se5

ciscoiosMatch12.2\(55\)se6

ciscoiosMatch12.2\(55\)se7

ciscoiosMatch12.2\(55\)se8

ciscoiosMatch12.2\(55\)se9

ciscoiosMatch12.2\(55\)se10

ciscoiosMatch12.2\(44\)ex

ciscoiosMatch12.2\(44\)ex1

ciscoiosMatch15.0\(1\)ey

ciscoiosMatch15.0\(1\)ey1

ciscoiosMatch15.0\(1\)ey2

ciscoiosMatch15.0\(2\)ey

ciscoiosMatch15.0\(2\)ey1

ciscoiosMatch15.0\(2\)ey2

ciscoiosMatch15.0\(2\)ey3

ciscoiosMatch15.0\(2\)se

ciscoiosMatch15.0\(2\)se1

ciscoiosMatch15.0\(2\)se2

ciscoiosMatch15.0\(2\)se3

ciscoiosMatch15.0\(2\)se4

ciscoiosMatch15.0\(2\)se5

ciscoiosMatch15.0\(2\)se6

ciscoiosMatch15.0\(2\)se7

ciscoiosMatch15.0\(2\)se8

ciscoiosMatch15.0\(2\)se9

ciscoiosMatch15.0\(2\)sg11a

ciscoiosMatch15.0\(2\)ex2

ciscoiosMatch15.0\(2\)ex8

ciscoiosMatch15.0\(2\)ea1

ciscoiosMatch15.2\(2\)e

ciscoiosMatch15.2\(2\)e1

ciscoiosMatch15.2\(2b\)e

ciscoiosMatch15.2\(2\)e2

ciscoiosMatch15.2\(2\)e3

ciscoiosMatch15.2\(2\)e4

ciscoiosMatch15.2\(1\)ey

ciscoiosMatch15.2\(4\)jaz

ciscoiosMatch15.2\(4\)jaz1

ciscoiosMatch15.2\(3\)ea

ciscoiosMatch15.3\(3\)jn

ciscoiosMatch15.3\(3\)jn1

ciscoiosMatch15.3\(3\)jn2

ciscoiosMatch15.3\(3\)jn3

ciscoiosMatch15.3\(3\)jn4

ciscoiosMatch15.3\(3\)jn6

ciscoiosMatch15.3\(3\)jn7

ciscoiosMatch15.3\(3\)jn8

ciscoiosMatch15.3\(3\)ja

ciscoiosMatch15.3\(3\)ja1n

ciscoiosMatch15.3\(3\)ja1m

ciscoiosMatch15.3\(3\)ja1

ciscoiosMatch15.3\(3\)ja2

ciscoiosMatch15.3\(3\)ja3

ciscoiosMatch15.3\(3\)ja4

ciscoiosMatch15.3\(3\)ja5

ciscoiosMatch15.3\(3\)ja7

ciscoiosMatch15.3\(3\)ja8

ciscoiosMatch15.3\(3\)jaa

ciscoiosMatch15.3\(3\)jaa1

ciscoiosMatch15.3\(3\)jab

ciscoiosMatch15.3\(3\)jb

ciscoiosMatch15.3\(3\)jnb

ciscoiosMatch15.3\(3\)jnb1

ciscoiosMatch15.3\(3\)jnb2

ciscoiosMatch15.3\(3\)jnb3

ciscoiosMatch15.3\(3\)jax

ciscoiosMatch15.3\(3\)jax1

ciscoiosMatch15.3\(3\)jax2

ciscoiosMatch15.3\(3\)jbb

ciscoiosMatch15.3\(3\)jbb1

ciscoiosMatch15.3\(3\)jbb2

ciscoiosMatch15.3\(3\)jbb4

ciscoiosMatch15.3\(3\)jbb5

ciscoiosMatch15.3\(3\)jbb6

ciscoiosMatch15.3\(3\)jbb8

ciscoiosMatch15.3\(3\)jbb6a

ciscoiosMatch15.3\(3\)jc

ciscoiosMatch15.3\(3\)jnc

ciscoiosMatch15.3\(3\)jnc1

ciscoiosMatch15.3\(3\)jnp

ciscoiosMatch15.3\(3\)jnp1

ciscoiosMatch15.3\(3\)jpi

ciscoiosMatch15.3\(3\)jpi3

CPENameOperatorVersion
ioseq12.2SE
ioseq12.2EX
ioseq15.0EY
ioseq15.0SE
ioseq15.0SG
ioseq15.0EX
ioseq15.0EA
ioseq15.2E
ioseq15.2EY
ioseq15.2JAZ

Name	Operator	Version
ios	eq	12.2SE
ios	eq	12.2EX
ios	eq	15.0EY
ios	eq	15.0SE
ios	eq	15.0SG
ios	eq	15.0EX
ios	eq	15.0EA
ios	eq	15.2E
ios	eq	15.2EY
ios	eq	15.2JAZ

Rows per page:

1-10 of 1221

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.006 Low

EPSS

Percentile

77.8%

JSON

Related for CISCO-SA-20160928-CIP