CERTA-2004-AVI-067

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Selon Cisco, un utilisateur mal intentionné peut, au moyen d'un paquet habilement constitué envoyé à destination du port de supervision 5002/udp du commutateur, réaliser un déni de service par redémarrage à chaud du commutateur vulnérable.

Solution

Se référer au bulletin de sécurité du constructeur (cf. section Documentation) pour l'obtention d'un correctif.

Commutateurs Cisco CSS 11050, 11150, 11800 avec les versions du logiciel WebNS suivantes :

  • pour la série 5.0, versions de WebNS antérieures à la version 05.0(04.07)S ;
  • pour la série 6.10, versions de WebNS antérieures à la version 06.10(02.05)S.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eCommutateurs Cisco CSS 11050, 11150,  11800 avec les versions du logiciel WebNS suivantes :  \u003cUL\u003e    \u003cLI\u003epour la s\u00e9rie 5.0, versions de WebNS ant\u00e9rieures \u00e0 la    version 05.0(04.07)S ;\u003c/LI\u003e    \u003cLI\u003epour la s\u00e9rie 6.10, versions de WebNS ant\u00e9rieures \u00e0 la    version 06.10(02.05)S.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nSelon Cisco, un utilisateur mal intentionn\u00e9 peut, au moyen d\u0027un paquet\nhabilement constitu\u00e9 envoy\u00e9 \u00e0 destination du port de supervision\n5002/udp du commutateur, r\u00e9aliser un d\u00e9ni de service par red\u00e9marrage \u00e0\nchaud du commutateur vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 du constructeur (cf. section\nDocumentation) pour l\u0027obtention d\u0027un correctif.\n",
  "cves": [],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 \"Cisco CSS 11000  series Content services switches malformed UDP packet  vulnerability\" de Cisco :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040304-css.shtml"
    }
  ],
  "reference": "CERTA-2004-AVI-067",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-03-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": null,
  "title": "D\u00e9ni de service des commutateurs Cisco CSS 11000",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de Cisco",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.