—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco StarOS IPv4 Fragmentation Denial of Service Vulnerability

Advisory ID: cisco-sa-20180711-staros-dos

Revision: 1.0

For Public Release: 2018 July 11 16:00 GMT

Last Updated: 2018 July 11 16:00 GMT

CVE ID(s): CVE-2018-0369

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary

=======

A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time.

The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device. An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process to be dropped while the process is restarting. The npusim process typically restarts within less than a second.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbRitpXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczoRoQANYjiL4uMrAFGBRQBgrkM2k3ymvs
xgx2ftJA6fC4udVnV7PF4x8n8dUrEjZ3xlNpkXl7h02A9d7Efvm7Gf+IGV1hin6e
YGHIgJUBscpWjK+SzETYpqmh0DOek6OjqlCRIlaJxgaCm5Oi9ZAE/Z7GBAVQV/fn
gvkWDQHlCwtX1niFxwOM+wfNbulXThBDE14lZyboC6woMcomDBVgVSz0aKu/W5kX
yltBvxmRaieEjV9rJgDP3uQdWW5s5WI5etsQ6bZ0kO83jTqHvwsR9GxQSxM4WI2c
2gFHreXBEJD29bh2+51TnzFO3Z54L6ytz2J/gg0BpaZT8Us15aVLuQLkODbXIxl3
uM+MnKhkls6zsI/z79RpqJLmJwCWSszOATjlDPcPjrvvfyroKBvZ/LuZ7Py4ZfpZ
Mrdl54/3HBDBXWcRbCegNGrgZW2RXPDV64VCMq2deo7ucRvWwkyaO5wn9a/hAxWx
kmDBvhOjIOzVF4z1MaU06hm0sn9eZQu/QLkemtocKIHpsl3iRrDRNrCO+M2kPJzC
S6u/dpSddmGGJUyYrOr0JRPy900hG+KKKQSwwElTUZY+Oc9BmGK+w82ahhCMJM0E
sXbi9mPj2mSopiIxLZzOxjshCX0qgBHad5WFlnfaUH8mGVp9OabhoAhX5ZhsxC4O
8W9x+jTWimBTgYgA
=pRI6
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com