Happy Bi-Annual Cisco Security Advisory Release Day

Started by icecream-guy, March 25, 2015, 02:38:02 PM

Previous topic - Next topic

icecream-guy

Best one is the Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability
where _every_ device running Cisco IOS or Cisco XE, that has a service listening on a TCP port, is vulnerable to a memory leak that can  cause an attacker to cause reboot of said device.

so far 7 advisories, but nothing as fun, although the Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities is pretty cool if you have lots of VPN's terminated on Cisco devices.
:professorcat:

My Moral Fibers have been cut.

deanwebb

IKEv2 vulnerability? That's going to be very funny, except for the VPN engineers.

I'm not one, so...

:lol:
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

SimonV


Reggle

The IKEv2 is worse than the TCP memory leak for me. Generally I don't have services open towards the internet from a Cisco device. IKEv2 however...

icecream-guy

Quote from: Reggle on March 26, 2015, 04:20:10 AM
The IKEv2 is worse than the TCP memory leak for me. Generally I don't have services open towards the internet from a Cisco device. IKEv2 however...

don't discount the internal threats.....
:professorcat:

My Moral Fibers have been cut.