Lucene search

CiscoCISCO-SA-20190925-CAT4000-TCP-DOS

HistorySep 25, 2019 - 4:00 p.m.

Cisco Catalyst 4000 Series Switches TCP Denial of Service Vulnerability

2019-09-2516:00:00

tools.cisco.com

EPSS

0.002

Percentile

52.6%

JSON

A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to improper resource allocation when processing TCP packets directed to the device on specific Cisco Catalyst 4000 Series Switches. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run out of buffer resources, impairing operations of control plane and management plane protocols, resulting in a DoS condition.

This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-cat4000-tcp-dos [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-cat4000-tcp-dos”]

This advisory is part of the September 25, 2019, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2019 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-72547”].

Affected configurations

Vulners

Node

ciscoiosMatch15.0xo

ciscoiosMatch15.1sg

ciscoiosMatch15.0sg

ciscoiosMatch15.0ex

ciscoiosMatch15.2e

ciscoiosMatch15.2ea

ciscoiosMatch15.3jaa

ciscoiosMatch15.0\(1\)xo1

ciscoiosMatch15.0\(1\)xo

ciscoiosMatch15.0\(2\)xo

ciscoiosMatch15.1\(1\)sg

ciscoiosMatch15.1\(2\)sg

ciscoiosMatch15.1\(1\)sg1

ciscoiosMatch15.1\(1\)sg2

ciscoiosMatch15.1\(2\)sg1

ciscoiosMatch15.1\(2\)sg2

ciscoiosMatch15.1\(2\)sg3

ciscoiosMatch15.1\(2\)sg4

ciscoiosMatch15.1\(2\)sg5

ciscoiosMatch15.1\(2\)sg6

ciscoiosMatch15.1\(2\)sg7

ciscoiosMatch15.1\(2\)sg8

ciscoiosMatch15.0\(2\)sg

ciscoiosMatch15.0\(2\)sg1

ciscoiosMatch15.0\(2\)sg2

ciscoiosMatch15.0\(2\)sg3

ciscoiosMatch15.0\(2\)sg4

ciscoiosMatch15.0\(2\)sg5

ciscoiosMatch15.0\(2\)sg6

ciscoiosMatch15.0\(2\)sg7

ciscoiosMatch15.0\(2\)sg8

ciscoiosMatch15.0\(2\)sg9

ciscoiosMatch15.0\(2\)sg10

ciscoiosMatch15.0\(2\)sg11

ciscoiosMatch15.0\(2\)sg11a

ciscoiosMatch15.0\(2\)ex2

ciscoiosMatch15.0\(2\)ex8

ciscoiosMatch15.2\(1\)e

ciscoiosMatch15.2\(2\)e

ciscoiosMatch15.2\(1\)e1

ciscoiosMatch15.2\(3\)e

ciscoiosMatch15.2\(1\)e3

ciscoiosMatch15.2\(2\)e1

ciscoiosMatch15.2\(2b\)e

ciscoiosMatch15.2\(4\)e

ciscoiosMatch15.2\(3\)e1

ciscoiosMatch15.2\(2\)e2

ciscoiosMatch15.2\(2\)e3

ciscoiosMatch15.2\(3\)e2

ciscoiosMatch15.2\(3\)e3

ciscoiosMatch15.2\(4\)e1

ciscoiosMatch15.2\(2\)e4

ciscoiosMatch15.2\(2\)e5

ciscoiosMatch15.2\(4\)e2

ciscoiosMatch15.2\(3\)e4

ciscoiosMatch15.2\(4\)e3

ciscoiosMatch15.2\(2\)e6

ciscoiosMatch15.2\(2\)e5a

ciscoiosMatch15.2\(2\)e5b

ciscoiosMatch15.2\(4\)e4

ciscoiosMatch15.2\(2\)e7

ciscoiosMatch15.2\(4\)e5

ciscoiosMatch15.2\(2\)e8

ciscoiosMatch15.2\(4\)e6

ciscoiosMatch15.2\(2\)e9

ciscoiosMatch15.2\(4\)e7

ciscoiosMatch15.2\(2\)e10

ciscoiosMatch15.2\(4\)e8

ciscoiosMatch15.2\(2\)e9a

ciscoiosMatch15.2\(4\)ea10

ciscoiosMatch15.3\(3\)jaa1

VendorProductVersionCPE
ciscoios15.0xocpe:2.3:o:cisco:ios:15.0xo:*:*:*:*:*:*:*
ciscoios15.1sgcpe:2.3:o:cisco:ios:15.1sg:*:*:*:*:*:*:*
ciscoios15.0sgcpe:2.3:o:cisco:ios:15.0sg:*:*:*:*:*:*:*
ciscoios15.0excpe:2.3:o:cisco:ios:15.0ex:*:*:*:*:*:*:*
ciscoios15.2ecpe:2.3:o:cisco:ios:15.2e:*:*:*:*:*:*:*
ciscoios15.2eacpe:2.3:o:cisco:ios:15.2ea:*:*:*:*:*:*:*
ciscoios15.3jaacpe:2.3:o:cisco:ios:15.3jaa:*:*:*:*:*:*:*
ciscoios15.0(1)xo1cpe:2.3:o:cisco:ios:15.0\(1\)xo1:*:*:*:*:*:*:*
ciscoios15.0(1)xocpe:2.3:o:cisco:ios:15.0\(1\)xo:*:*:*:*:*:*:*
ciscoios15.0(2)xocpe:2.3:o:cisco:ios:15.0\(2\)xo:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	15.0xo	cpe:2.3:o:cisco:ios:15.0xo:::::::*
cisco	ios	15.1sg	cpe:2.3:o:cisco:ios:15.1sg:::::::*
cisco	ios	15.0sg	cpe:2.3:o:cisco:ios:15.0sg:::::::*
cisco	ios	15.0ex	cpe:2.3:o:cisco:ios:15.0ex:::::::*
cisco	ios	15.2e	cpe:2.3:o:cisco:ios:15.2e:::::::*
cisco	ios	15.2ea	cpe:2.3:o:cisco:ios:15.2ea:::::::*
cisco	ios	15.3jaa	cpe:2.3:o:cisco:ios:15.3jaa:::::::*
cisco	ios	15.0(1)xo1	cpe:2.3:o:cisco:ios:15.0\(1\)xo1:::::::*
cisco	ios	15.0(1)xo	cpe:2.3:o:cisco:ios:15.0\(1\)xo:::::::*
cisco	ios	15.0(2)xo	cpe:2.3:o:cisco:ios:15.0\(2\)xo:::::::*