Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System

2014-09-2416:00:00

tools.cisco.com

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.012

Percentile

84.9%

JSON

The Cisco IOS Software implementation of the multicast Domain Name System (mDNS) feature contains the following vulnerabilities when processing mDNS packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition:

Cisco IOS Software mDNS Gateway Memory Leak Vulnerability
Cisco IOS Software mDNS Gateway Denial of Service Vulnerability

Cisco has released software updates that address these vulnerabilities. This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns”]

Note: The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html[“http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html”]

Affected configurations

Vulners

Node

ciscoiosMatch15.1sy

ciscoiosMatch15.4t

ciscoiosMatch15.2e

ciscoiosMatch15.4s

ciscocisco_iosMatch3.3sexe

ciscocisco_iosMatch3.3xoxe

ciscocisco_iosMatch3.5exe

ciscocisco_iosMatch3.11sxe

ciscoiosMatch15.1\(2\)sy

ciscoiosMatch15.1\(2\)sy1

ciscoiosMatch15.4\(1\)t

ciscoiosMatch15.4\(1\)t1

ciscoiosMatch15.2\(1\)e

ciscoiosMatch15.2\(1\)e1

ciscoiosMatch15.4\(1\)s

ciscocisco_iosMatch3.3.0sexe

ciscocisco_iosMatch3.3.1sexe

ciscocisco_iosMatch3.3.0xoxe

ciscocisco_iosMatch3.5.0exe

ciscocisco_iosMatch3.5.1exe

ciscocisco_iosMatch3.11.0sxe

VendorProductVersionCPE
ciscoios15.1sycpe:2.3:o:cisco:ios:15.1sy:*:*:*:*:*:*:*
ciscoios15.4tcpe:2.3:o:cisco:ios:15.4t:*:*:*:*:*:*:*
ciscoios15.2ecpe:2.3:o:cisco:ios:15.2e:*:*:*:*:*:*:*
ciscoios15.4scpe:2.3:o:cisco:ios:15.4s:*:*:*:*:*:*:*
ciscocisco_ios3.3secpe:2.3:o:cisco:cisco_ios:3.3se:xe:*:*:*:*:*:*
ciscocisco_ios3.3xocpe:2.3:o:cisco:cisco_ios:3.3xo:xe:*:*:*:*:*:*
ciscocisco_ios3.5ecpe:2.3:o:cisco:cisco_ios:3.5e:xe:*:*:*:*:*:*
ciscocisco_ios3.11scpe:2.3:o:cisco:cisco_ios:3.11s:xe:*:*:*:*:*:*
ciscoios15.1(2)sycpe:2.3:o:cisco:ios:15.1\(2\)sy:*:*:*:*:*:*:*
ciscoios15.1(2)sy1cpe:2.3:o:cisco:ios:15.1\(2\)sy1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	15.1sy	cpe:2.3:o:cisco:ios:15.1sy:::::::*
cisco	ios	15.4t	cpe:2.3:o:cisco:ios:15.4t:::::::*
cisco	ios	15.2e	cpe:2.3:o:cisco:ios:15.2e:::::::*
cisco	ios	15.4s	cpe:2.3:o:cisco:ios:15.4s:::::::*
cisco	cisco_ios	3.3se	cpe:2.3:o:cisco:cisco_ios:3.3se:xe::::::
cisco	cisco_ios	3.3xo	cpe:2.3:o:cisco:cisco_ios:3.3xo:xe::::::
cisco	cisco_ios	3.5e	cpe:2.3:o:cisco:cisco_ios:3.5e:xe::::::
cisco	cisco_ios	3.11s	cpe:2.3:o:cisco:cisco_ios:3.11s:xe::::::
cisco	ios	15.1(2)sy	cpe:2.3:o:cisco:ios:15.1\(2\)sy:::::::*
cisco	ios	15.1(2)sy1	cpe:2.3:o:cisco:ios:15.1\(2\)sy1:::::::*