Cisco IPS Software Control-Plane MainApp拒绝服务漏洞

2014-02-21T00:00:00
ID SSV:61512
Type seebug
Reporter Root
Modified 2014-02-21T00:00:00

Description

Bugtraq ID:65667 CVE ID:CVE-2014-0719

Cisco IPS Software是一款思科开发的入侵防御系统。

Cisco IPS Software上的Control-plane访问列表实现中存在漏洞,允许未验证远程攻击者使MainApp进程变得不稳定。 漏洞是由于不正确处理发送给受影响系统的管理IP地址的畸形TCP报文,向TCP 7000端口发送特制报文可使MainApp进程变得不稳定。 0 Cisco ASA 5505 Advanced Inspection and Prevention Security Services Card (AIP SSC) Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module (AIP SSM) Cisco ASA 5500-X Series IPS Security Services Processor (IPS SSP) 厂商补丁:

Cisco

用户可参考如下厂商提供的安全补丁以修复该漏洞: http://www.cisco.com/public/sw-center/