Cisco Security Advisory: Cisco IOS Software Metadata Vulnerabilities
Cisco Systems Product Security Incident Response Team
psirt at cisco.com
Wed Sep 24 16:23:47 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Cisco IOS Software Metadata Vulnerabilities
Advisory ID: cisco-sa-20140924-metadata
For Public Release 2014 September 24 16:00 UTC (GMT)
Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker to reload a vulnerable device.
The vulnerabilities are due to improper handling of transit RSVP packets that need to be processed by the metadata infrastructure. An attacker could exploit these vulnerabilities by sending malformed RSVP packets to an affected device. A successful exploit could allow the attacker to cause an extended denial of service (DoS) condition.
Cisco has released free software updates that address these vulnerabilities.
Workarounds that mitigate these vulnerabilities are not available.
This advisory is available at the following link:
Note: The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----
More information about the NANOG