Cisco IOS MallocLite BGP Update DoS

medium Nessus Plugin ID 61575

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The remote Cisco IOS device is affected by a denial of service vulnerability due to a flaw in the MallocLite implementation. A remote attacker, via a BGP update message with a specially crafted local-preference attribute length, can cause the route processor to crash, resulting in a denial of service.

Solution

Upgrade to one of the non-vulnerable versions listed in the bug details for CSCtq06538.

See Also

http://www.nessus.org/u?42fad6b3

Plugin Details

Severity: Medium

ID: 61575

File Name: cisco_ios_CSCtq06538.nasl

Version: 1.7

Type: local

Family: CISCO

Published: 8/17/2012

Updated: 7/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5.7

Temporal Score: 4.2

Vector: CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 8/6/2012

Vulnerability Publication Date: 8/6/2012

Reference Information

CVE: CVE-2012-1367

BID: 54830

CISCO-BUG-ID: CSCtq06538