[SingCERT] Cisco IOS Multiple Denial of Service Vulnerabilities

[ Summary ]

Cisco IOS is prone to multiple remote denial-of-service vulnerabilities when:

·                     handles more than 10 LLDP Management Address (MA) TLV’s

·                     handles many Spanning Tree Protocol (STP) Bridge Protocol Data Unit (BPDU) frames

·                     handles many unicast EAPOL Protocol Data Units (PDUs)

[ Affected Systems ]

For list of affected IOS, please refer to the references for details.

[ Impact Analysis ]

An attacker can exploit these issues to cause the affected device to crash and reload, denying service to legitimate users.

[ Solution/Workaround ]

Updates are available. Please refer to the references for details.

[ Reference ]

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXJ.html

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXI_rebuilds.html