Wednesday, February 1, 2017

Cisco Industrial Ethernet 2000 Series Switches CIP Denial of Service Vulnerability

A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak.

The vulnerability is due to improper handling of malformed CIP packets. An attacker could exploit this vulnerability by sending malformed CIP requests to a targeted device. A successful exploit could allow the attacker to cause a DoS condition on the targeted device due to low system memory.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2kVKfsV A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak.

The vulnerability is due to improper handling of malformed CIP packets. An attacker could exploit this vulnerability by sending malformed CIP requests to a targeted device. A successful exploit could allow the attacker to cause a DoS condition on the targeted device due to low system memory.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2kVKfsV
Security Impact Rating: Medium
CVE: CVE-2017-3812

from Cisco Security Advisory http://ift.tt/2kVKfsV

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.