A flaw in the Cisco Emergency Responder software package has been identified and fixed. Malicious attackers could have exploited it to carry out a denial-of-service (DoS) attack.
Cisco Emergency Responder Remote Denial of Service Vulnerability
Threat Type: CWE-399: Resource Management Errors
IntelliShield ID: 26610
Version: 1
Vector: Network
Authentication: None
Exploit: Functional
Port: Not Available
CVE: CVE-2012-1346
Urgency: Unlikely Use [Urgency: 1-Weakness 2-Unlikely Use 3-Possible Use 4-Probable Use 5-Incidents Reported]
Credibility: Confirmed [Credibility: 1-Very Low 2-Low 3-Corroborated 4-Highly Credible 5-Confirmed]
Severity: Mild Damage [Severity: 1-No Damage 2-Harassment 3-Mild Damage 4-Moderate Damage 5-Heavy Damage]
CVSS Base: 5.0
CVSS Version 2
CVSS Temporal: 4.1
Version Summary: Cisco Emergency Responder contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition on a targeted system. Updates are available.
Description
Cisco Emergency Responder contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to the improper handling of malformed UDP packets by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by submitting malformed UDP packets to the vulnerable software. If successful, the attacker could cause a targeted device to consume excessive CPU resources, resulting in a DoS condition.
Cisco has confirmed this vulnerability and released software updates.
Warning Indicators
Cisco Emergency Responder version 8.6 is vulnerable.
IntelliShield Analysis
A successful exploit could allow an attacker to cause a device to stop responding, potentially preventing authorized users from accessing network resources served by the targeted device.
To exploit the vulnerability, an attacker must send malformed UDP packets to a targeted device. The attacker may need access to trusted, internal networks, which could limit the likelihood of a successful exploit.
This alert contains CVSS scoring supplied by Cisco, the primary vendor of the affected product. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor Announcements
Cisco has issued release notes for Cisco bug ID CSCtx38369 at the following link: Release Notes for Cisco Emergency Responder
Impact
An unauthenticated, remote attacker could exploit this vulnerability to consume excessive CPU resources, leading to a DoS condition on a targeted system.
Technical Information
The vulnerability is due to the improper handling of malformed UDP packets transiting the CERPT port of the affected software.
An unauthenticated, remote attacker could exploit this vulnerability by submitting malformed UDP packets to the vulnerable software. Processing the packets would consume excessive amounts of CPU resources on the system, resulting in a DoS condition.
Safeguards
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to have network access.
Administrators can help protect affected systems from external attacks by using a solid firewall strategy.
Administrators are advised to monitor affected systems.
Patches/Software
Cisco customers with active contracts can obtain updates through the Software Center at the following link: Cisco. Cisco customers without contracts can obtain upgrades by contacting the Cisco Technical Assistance Center at 1-800-553-2447 or 1-408-526-7209 or via e-mail.
Alert History
Initial Release
Product Sets
The security vulnerability applies to the following combinations of products.
Primary Products:
Cisco Cisco Emergency Responder 8.6 Base
Associated Products:
N/A