Lucene search

CiscoCISCO-SA-20130327-SMARTINSTALL

HistoryMar 27, 2013 - 4:00 p.m.

Cisco IOS Software Smart Install Denial of Service Vulnerability

2013-03-2716:00:00

tools.cisco.com

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.013

Percentile

86.3%

JSON

The Smart Install client feature in Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

Affected devices that are configured as Smart Install clients are vulnerable.

Cisco has released software updates that address this vulnerability. There are no workarounds for devices that have the Smart Install client feature enabled.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall”]

Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled publication includes seven Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2013 bundled publication.

Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar13.html[“http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar13.html”]

Affected configurations

Vulners

Node

ciscoiosMatch12.2se

ciscoiosMatch12.2ex

ciscoiosMatch12.2ey

ciscoiosMatch12.2ez

ciscoiosMatch15.0ey

ciscoiosMatch15.0se

ciscoiosMatch15.2jaz

ciscoiosMatch12.2\(55\)se

ciscoiosMatch12.2\(55\)se3

ciscoiosMatch12.2\(55\)se2

ciscoiosMatch12.2\(58\)se

ciscoiosMatch12.2\(55\)se1

ciscoiosMatch12.2\(58\)se1

ciscoiosMatch12.2\(55\)se4

ciscoiosMatch12.2\(58\)se2

ciscoiosMatch12.2\(55\)se5

ciscoiosMatch12.2\(55\)se6

ciscoiosMatch12.2\(55\)ex

ciscoiosMatch12.2\(55\)ex1

ciscoiosMatch12.2\(55\)ex2

ciscoiosMatch12.2\(55\)ex3

ciscoiosMatch12.2\(55\)ey

ciscoiosMatch12.2\(55\)ez

ciscoiosMatch15.0\(1\)ey

ciscoiosMatch15.0\(1\)ey2

ciscoiosMatch15.0\(1\)se

ciscoiosMatch15.0\(2\)se

ciscoiosMatch15.0\(1\)se1

ciscoiosMatch15.0\(1\)se2

ciscoiosMatch15.0\(1\)se3

ciscoiosMatch15.2\(4\)jaz1

VendorProductVersionCPE
ciscoios12.2secpe:2.3:o:cisco:ios:12.2se:*:*:*:*:*:*:*
ciscoios12.2excpe:2.3:o:cisco:ios:12.2ex:*:*:*:*:*:*:*
ciscoios12.2eycpe:2.3:o:cisco:ios:12.2ey:*:*:*:*:*:*:*
ciscoios12.2ezcpe:2.3:o:cisco:ios:12.2ez:*:*:*:*:*:*:*
ciscoios15.0eycpe:2.3:o:cisco:ios:15.0ey:*:*:*:*:*:*:*
ciscoios15.0secpe:2.3:o:cisco:ios:15.0se:*:*:*:*:*:*:*
ciscoios15.2jazcpe:2.3:o:cisco:ios:15.2jaz:*:*:*:*:*:*:*
ciscoios12.2(55)secpe:2.3:o:cisco:ios:12.2\(55\)se:*:*:*:*:*:*:*
ciscoios12.2(55)se3cpe:2.3:o:cisco:ios:12.2\(55\)se3:*:*:*:*:*:*:*
ciscoios12.2(55)se2cpe:2.3:o:cisco:ios:12.2\(55\)se2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	12.2se	cpe:2.3:o:cisco:ios:12.2se:::::::*
cisco	ios	12.2ex	cpe:2.3:o:cisco:ios:12.2ex:::::::*
cisco	ios	12.2ey	cpe:2.3:o:cisco:ios:12.2ey:::::::*
cisco	ios	12.2ez	cpe:2.3:o:cisco:ios:12.2ez:::::::*
cisco	ios	15.0ey	cpe:2.3:o:cisco:ios:15.0ey:::::::*
cisco	ios	15.0se	cpe:2.3:o:cisco:ios:15.0se:::::::*
cisco	ios	15.2jaz	cpe:2.3:o:cisco:ios:15.2jaz:::::::*
cisco	ios	12.2(55)se	cpe:2.3:o:cisco:ios:12.2\(55\)se:::::::*
cisco	ios	12.2(55)se3	cpe:2.3:o:cisco:ios:12.2\(55\)se3:::::::*
cisco	ios	12.2(55)se2	cpe:2.3:o:cisco:ios:12.2\(55\)se2:::::::*