—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability

Advisory ID: cisco-sa-20180328-igmp

Revision: 1.0

For Public Release: 2018 March 28 16:00 GMT

Last Updated: 2018 March 28 16:00 GMT

CVE ID(s): CVE-2018-0165

CVSS Score v(3): 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary
=======
A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition.

The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp”]
This advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682”].

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJau71CXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczmKQP/RLPw1f8PzJuzaldMst4Ct2mSvYZ
bBhgdeXgQi0esMs/zTWSoW+ZayUscPZkDLLmw1P2yfdzPPq7c3ZXkb8+FiC1k9b9
bFMLm5ud17pUAADwt+dY3fWEJPhMbXp6PobrgFTDtsf0rboWbVMOK/Wtg5WL073H
L+aBeB+aJ26YAZcgdB80uzdwn9bZk9/1evIiCRu/nxbQ6GFHmB0KlDnRoP0YMaRH
/p8Jq9aJaqeEfrCy6UwHC3yA3SfygKgfvoK70uoLzba6pqYx3ZAAJ1SO9Tv7GM4m
JvkhJ4AhhQuCklC+HrZnzw9R7VCreF0GFY0+DhPb0XWzKi5Z8C11YhmX+O3tc8pS
AkDvKK8rTPfHiUureDI4TpsZ26GQvxMsjYa4JPQbPH6YlKRSkNNmMhduyfBVQT/+
jFMmQdeeoifCMdh+5jlyAOE3int7/KKl/rejL4sZITHKtzxiBwGnBNn2bkmO7geF
W9Yqcjr9DRCkpdUWFW0XbMEk/4b6od96I2I07YIyL/fXj2yOev6vQrV8pE+h1IYW
kSLNtTAI9SIR/z/HvMuLfem2JwkpGceEXXYGvQ/MXfEcXjlSddhbeMy2VoCT3g3i
R+2u1Zx6IM6MaFQlboGq4zYQtD4xmRdLJp4Fjkf/+8bY6QjIOVSZn9g6iexPmLyS
E79+BSvuiY3bcSTR
=b1K0
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com