Cisco IOS XE Software for 1000 Series Aggregation Services Routers H.323 DoS

high Nessus Plugin ID 83871

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) is affected by a flaw in the Embedded Services Processor (ESP) due to improper handling of malformed H.323 packets when the device is configured to use Network Address Translation (NAT). An unauthenticated, remote attacker by sending malformed H.323 packets, can exploit this vulnerability to cause a denial of service by crashing the ESP module.

Solution

Upgrade to the relevant version referenced in Cisco bug ID CSCup21070.

See Also

https://tools.cisco.com/security/center/viewAlert.x?alertId=38210

Plugin Details

Severity: High

ID: 83871

File Name: cisco-sa-CSCup21070-asr1000-iosxe.nasl

Version: 1.8

Type: combined

Family: CISCO

Published: 5/28/2015

Updated: 11/22/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/3/2015

Vulnerability Publication Date: 4/3/2015

Reference Information

CVE: CVE-2015-0688

BID: 73914

CISCO-BUG-ID: CSCup21070