Cisco IOS and IOS XE Software Multiple Denial of Service Vulnerabilities
by CIRT Team
Description: These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition.
Related CVE ID(s): CVE-2017-3860, CVE-2017-3861, CVE-2017-3862, and CVE-2017-3863.
Impact: Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. Following versions are affected:
- Cisco IOS XE Software 0
- Cisco IOS 12.2(55)SE1
- Cisco Industrial Ethernet 3000 Series Switches 15.2(3.2.17)E1
- Cisco Industrial Ethernet 3000 Series Switches 15.2(3.2.16)E1
- Cisco Catalyst 3850 Series Switches 15.5(3)
- Cisco Catalyst 3850 Series Switches 15.2(3.7.1)
- Cisco Catalyst 3750-X Series Switches 15.5(3)
Mitigation: Cisco has released free software updates that addresses the vulnerabilities described in this advisory.
26 Oct 2023 - Security Advisories & Alerts