Briefing on the Cisco Internetwork Operating System vulnerability

Anonymous
Modified 2016-09-25T00:00:00


Recently, a memory data disclosure vulnerability in the Cisco Internetwork Operating System (IOS) was disclosed on the Internet (CNNVD-201609-342, CVE-2016-6415). The vulnerability may cause memory data of affected network devices to be leaked, allowing a large amount of plaintext data to be maliciously accessed. On September 16, Cisco officially released a detection tool for the vulnerability, but a patch has not yet been released. The National Information Security Vulnerability Database (CNNVD) has tracked and analysed the vulnerability; the details are as follows:

I. Vulnerability overview

IOS (Internetwork Operating System) is an operating system developed by Cisco and optimized for internetworking. It is widely used in the firewalls, routers and other network equipment the company produces.

IOS XR versions 4.3.x, 5.0.x, 5.1.x and 5.2.x (5.3.0 and later are not affected) and all IOS XE and IOS versions contain a memory data information disclosure vulnerability (vulnerability numbers: CNNVD-201609-342, CVE-2016-6415). The vulnerability is caused by insufficient checking of the content of a network protocol's packets in these systems: by constructing malicious protocol packets and sending them to an affected network device, an attacker can obtain memory data.

II. Impact

The main purpose of the affected network devices is to encrypt the data packets passing through the device to ensure secure data transmission. An attacker can use this vulnerability to obtain the data stored on the device, resulting in a large amount of plaintext data being maliciously leaked.
According to scan statistics for the vulnerability from the Internet crime tracking organization Shadowserver Foundation, about 84 million distinct devices on the Internet have the vulnerability, of which approximately 2 to 5 million units are in the United States and about 2 million units are in China, so the impact is fairly serious.

III. Remediation

Cisco has published a detection tool for the vulnerability on its official website, but a patch has not yet been released. Affected users should follow Cisco's official announcements or the announcements on the CNNVD official website in a timely manner.

(1) Cisco announcement link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
(2) CNNVD announcement link: http://www.cnnvd.org.cn/vulnerability/show/cv_id/2016090342

This report was prepared with support from the CNNVD technical support unit Vulnerability Box. CNNVD will continue to track the vulnerability and release relevant information in a timely manner. If necessary, please contact CNNVD.

Contact information: CNNVD official e-mail: cnnvd@itsec.gov.cn