Описание
Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470.
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:cisco:ios_xe:3.4.0as:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xe:3.4.0s:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xe:3.4.1s:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:cisco:asr_1001:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1002:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1002-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1004:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1006:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1023_router:-:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00427
Низкий
7.8 High
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470.
EPSS
Процентиль: 62%
0.00427
Низкий
7.8 High
CVSS2
Дефекты
CWE-20