A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HCisco Catalyst 4500e Supervisor Engine 8 E \(k10\)
HWCiscowszystkie wersjeCisco Catalyst 4500e Supervisor Engine 8l E \(k10\)
HWCiscowszystkie wersjeCisco Catalyst 4500e Supervisor Engine 9 E \(k10\)
HWCiscowszystkie wersjeCisco Catalyst 4500 Supervisor Engine 6 E \(k5\)
HWCiscowszystkie wersjeCisco Catalyst 4500 Supervisor Engine 6l E \(k10\)
HWCiscowszystkie wersjeCisco Catalyst 4500 Supervisor Engine 7 E \(k10\)
HWCiscowszystkie wersjeCisco Catalyst 4500 Supervisor Engine 7l E \(k10\)
HWCiscowszystkie wersjeCisco Catalyst 4500 X Series Switches \(k10\)
HWCiscowszystkie wersjeCisco Catalyst 4900m Switch \(k5\)
HWCiscowszystkie wersjeCisco Catalyst 4948e Ethernet Switch \(k5\)
HWCiscowszystkie wersjeCisco IOS
OSCisco3.6\(2\)eCisco IOS XE
OSCisco3.6\(2\)eRockwellautomation Allen Bradley Stratix 8300 Industrial Managed Ethernet Switch
HWRockwellautomationwszystkie wersje
CISA KEV — szczegółyi
- Dostawcai
- Cisco ↗
- Produkti
- Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches
- Data dodania do KEVi
- 3 marca 2022
- Termin remediation (USA)i
- 17 marca 2022(po terminie)
Zastosuj aktualizacje zgodnie z instrukcjami producenta.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
Luka w implementacji Bidirectional Forwarding Detection (BFD) offload przełączników Cisco Catalyst 4500 Series i Cisco Catalyst 4500-X Series mogłaby pozwolić nieuwierzytelnionemu, zdalnemu atakującemu spowodować awarię procesu iosd, powodując warunki typu denial-of-service (DoS).
▸ Pokaż oryginał (EN)
A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial-of-service (DoS) condition.
Powiązane podatności
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in...
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software coul...
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an un...
The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability tha...
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE S...