A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ospf-dos-dR9Sfrxp [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ospf-dos-dR9Sfrxp”]
This advisory is part of the March 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056”].
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | cisco_ios_xe_software | 17.5 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.5:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 17.6 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.6:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 17.7 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.7:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 17.10 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.10:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 17.8 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.8:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 17.9 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.9:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 17.11 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.11:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 17.11sw | cpe:2.3:a:cisco:cisco_ios_xe_software:17.11sw:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | any | cpe:2.3:a:cisco:cisco_ios_xe_software:any:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 17.5.1 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.5.1:*:*:*:*:*:*:* |