Lucene search

CiscoCISCO-SA-20160928-SMI

HistorySep 28, 2016 - 4:00 p.m.

Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability

2016-09-2816:00:00

tools.cisco.com

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.2%

JSON

The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device.

The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affected device.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi”]

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-56513”].

Affected configurations

Vulners

Node

ciscoiosMatch12.2se

ciscoiosMatch12.2ex

ciscoiosMatch12.2ey

ciscoiosMatch12.2ez

ciscoiosMatch15.0ey

ciscoiosMatch15.0se

ciscoiosMatch15.1sg

ciscoiosMatch15.0ex

ciscoiosMatch15.0ea

ciscoiosMatch15.2e

ciscoiosMatch15.0ez

ciscoiosMatch15.2ey

ciscoiosMatch15.0ej

ciscoiosMatch15.2eb

ciscoiosMatch15.2ea

ciscorvs4000_softwareMatch3.2se

ciscorvs4000_softwareMatch3.3se

ciscorvs4000_softwareMatch3.3xo

ciscorvs4000_softwareMatch3.5e

ciscorvs4000_softwareMatch3.6e

ciscorvs4000_softwareMatch3.7e

ciscorvs4000_softwareMatch3.8e

ciscoiosMatch12.2\(55\)se

ciscoiosMatch12.2\(55\)se3

ciscoiosMatch12.2\(55\)se2

ciscoiosMatch12.2\(58\)se

ciscoiosMatch12.2\(55\)se1

ciscoiosMatch12.2\(58\)se1

ciscoiosMatch12.2\(55\)se4

ciscoiosMatch12.2\(58\)se2

ciscoiosMatch12.2\(55\)se5

ciscoiosMatch12.2\(55\)se6

ciscoiosMatch12.2\(55\)se7

ciscoiosMatch12.2\(55\)se8

ciscoiosMatch12.2\(55\)se9

ciscoiosMatch12.2\(55\)se10

ciscoiosMatch12.2\(55\)ex

ciscoiosMatch12.2\(55\)ex1

ciscoiosMatch12.2\(55\)ex2

ciscoiosMatch12.2\(55\)ex3

ciscoiosMatch12.2\(55\)ey

ciscoiosMatch12.2\(55\)ez

ciscoiosMatch15.0\(1\)ey

ciscoiosMatch15.0\(1\)ey2

ciscoiosMatch15.0\(1\)se

ciscoiosMatch15.0\(2\)se

ciscoiosMatch15.0\(1\)se1

ciscoiosMatch15.0\(1\)se2

ciscoiosMatch15.0\(1\)se3

ciscoiosMatch15.0\(2\)se1

ciscoiosMatch15.0\(2\)se2

ciscoiosMatch15.0\(2\)se3

ciscoiosMatch15.0\(2\)se4

ciscoiosMatch15.0\(2\)se5

ciscoiosMatch15.0\(2\)se6

ciscoiosMatch15.0\(2\)se7

ciscoiosMatch15.0\(2\)se8

ciscoiosMatch15.0\(2\)se9

ciscoiosMatch15.0\(2a\)se9

ciscoiosMatch15.1\(2\)sg

ciscoiosMatch15.1\(2\)sg1

ciscoiosMatch15.1\(2\)sg2

ciscoiosMatch15.1\(2\)sg3

ciscoiosMatch15.1\(2\)sg4

ciscoiosMatch15.1\(2\)sg5

ciscoiosMatch15.1\(2\)sg6

ciscoiosMatch15.1\(2\)sg7

ciscoiosMatch15.0\(2\)ex

ciscoiosMatch15.0\(2\)ex1

ciscoiosMatch15.0\(2\)ex2

ciscoiosMatch15.0\(2\)ex3

ciscoiosMatch15.0\(2\)ex4

ciscoiosMatch15.0\(2\)ex5

ciscoiosMatch15.0\(2\)ex6

ciscoiosMatch15.0\(2\)ex7

ciscoiosMatch15.0\(2\)ex8

ciscoiosMatch15.0\(2a\)ex5

ciscoiosMatch15.0\(2\)ex10

ciscoiosMatch15.0\(2\)ex11

ciscoiosMatch15.0\(2\)ea1

ciscoiosMatch15.2\(1\)e

ciscoiosMatch15.2\(2\)e

ciscoiosMatch15.2\(1\)e1

ciscoiosMatch15.2\(3\)e

ciscoiosMatch15.2\(1\)e2

ciscoiosMatch15.2\(1\)e3

ciscoiosMatch15.2\(2\)e1

ciscoiosMatch15.2\(2b\)e

ciscoiosMatch15.2\(4\)e

ciscoiosMatch15.2\(3\)e1

ciscoiosMatch15.2\(2\)e2

ciscoiosMatch15.2\(2a\)e1

ciscoiosMatch15.2\(2\)e3

ciscoiosMatch15.2\(2a\)e2

ciscoiosMatch15.2\(3\)e2

ciscoiosMatch15.2\(3a\)e

ciscoiosMatch15.2\(3\)e3

ciscoiosMatch15.2\(3m\)e2

ciscoiosMatch15.2\(4\)e1

ciscoiosMatch15.2\(2\)e4

ciscoiosMatch15.2\(4m\)e1

ciscoiosMatch15.0\(2\)ez

ciscoiosMatch15.2\(1\)ey

ciscoiosMatch15.0\(2\)ej

ciscoiosMatch15.0\(2\)ej1

ciscoiosMatch15.2\(2\)eb

ciscoiosMatch15.2\(2\)eb1

ciscoiosMatch15.2\(2\)eb2

ciscoiosMatch15.2\(2\)ea

ciscoiosMatch15.2\(2\)ea1

ciscoiosMatch15.2\(2\)ea2

ciscoiosMatch15.2\(3\)ea

ciscoiosMatch15.2\(4\)ea

ciscoiosMatch15.2\(4\)ea1

ciscoiosMatch15.2\(2\)ea3

ciscoiosMatch15.2\(4\)ea3

ciscoiosMatch15.2\(4\)ea2

ciscorvs4000_softwareMatch3.2.0se

ciscorvs4000_softwareMatch3.2.1se

ciscorvs4000_softwareMatch3.2.2se

ciscorvs4000_softwareMatch3.2.3se

ciscorvs4000_softwareMatch3.3.0se

ciscorvs4000_softwareMatch3.3.1se

ciscorvs4000_softwareMatch3.3.2se

ciscorvs4000_softwareMatch3.3.3se

ciscorvs4000_softwareMatch3.3.4se

ciscorvs4000_softwareMatch3.3.5se

ciscorvs4000_softwareMatch3.3.0xo

ciscorvs4000_softwareMatch3.3.1xo

ciscorvs4000_softwareMatch3.3.2xo

ciscorvs4000_softwareMatch3.5.0e

ciscorvs4000_softwareMatch3.5.1e

ciscorvs4000_softwareMatch3.5.2e

ciscorvs4000_softwareMatch3.5.3e

ciscorvs4000_softwareMatch3.6.0e

ciscorvs4000_softwareMatch3.6.1e

ciscorvs4000_softwareMatch3.6.0ae

ciscorvs4000_softwareMatch3.6.0be

ciscorvs4000_softwareMatch3.6.2ae

ciscorvs4000_softwareMatch3.6.3e

ciscorvs4000_softwareMatch3.6.4e

ciscorvs4000_softwareMatch3.7.0e

ciscorvs4000_softwareMatch3.7.1e

ciscorvs4000_softwareMatch3.7.2e

ciscorvs4000_softwareMatch3.7.3e

ciscorvs4000_softwareMatch3.8.0e

ciscorvs4000_softwareMatch3.8.1e

ciscorvs4000_softwareMatch3.8.2e

CPENameOperatorVersion
ioseq12.2SE
ioseq12.2EX
ioseq12.2EY
ioseq12.2EZ
ioseq15.0EY
ioseq15.0SE
ioseq15.1SG
ioseq15.0EX
ioseq15.0EA
ioseq15.2E

Name	Operator	Version
ios	eq	12.2SE
ios	eq	12.2EX
ios	eq	12.2EY
ios	eq	12.2EZ
ios	eq	15.0EY
ios	eq	15.0SE
ios	eq	15.1SG
ios	eq	15.0EX
ios	eq	15.0EA
ios	eq	15.2E

Rows per page:

1-10 of 1481

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.2%

JSON

Related for CISCO-SA-20160928-SMI