CERTA-2008-AVI-542
Vulnerability from certfr_avis - Published: 2008-11-06 - Updated: 2008-11-06
A vulnerability allowing a denial of service from the local network has been discovered in Cisco products.
Description
A vulnerability has been discovered in Cisco products based on the IOS and CATOS operating systems. It is caused by improper handling of the VTP (VLAN Trunking Protocol) protocol.
This vulnerability can be exploited from the local network, via a specially crafted packet, to cause a denial of service.
This vulnerability can only be exploited if the VTP Operating Mode option is set to server or client.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| Cisco | N/A | Cisco CATOS versions 8.x |
| Cisco | N/A | Cisco CATOS versions 5.x |
| Cisco | IOS | Cisco IOS versions 10.x |
| Cisco | IOS | Cisco IOS versions R12.x |
| Cisco | N/A | Cisco CATOS versions 6.x |
| Cisco | N/A | Cisco Catalyst 6500 Series versions 12.x |
| Cisco | IOS | Cisco IOS versions XR12.x |
| Cisco | IOS | Cisco IOS versions R11.x |
| Cisco | IOS | Cisco IOS versions 11.x |
| Cisco | N/A | Cisco CATOS versions 7.x |
| Cisco | IOS | Cisco IOS versions 12.x |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco CATOS versions 8.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco CATOS versions 5.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS versions 10.x;",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS versions R12.x;",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco CATOS versions 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Catalyst 6500 Series versions 12.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS versions XR12.x.",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS versions R11.x;",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS versions 11.x;",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco CATOS versions 7.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS versions 12.x;",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Cisco s\u0027appuyant\nsur les syst\u00e8mes d\u0027exploitation IOS et CATOS. Cette vuln\u00e9rabilit\u00e9 est\ndue \u00e0 une mauvaise gestion de traitement du protocole VTP (VLAN Trunking\nProtocol).\n\nCette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e depuis le r\u00e9seau local, via un\npaquet sp\u00e9cialement construit, afin de r\u00e9aliser un d\u00e9ni de service.\n\nCette vuln\u00e9rabilit\u00e9 ne peut \u00eatre exploit\u00e9e que si l\u0027option VTP Operating\nMode est mise \u00e0 server ou client.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2008-11-06T00:00:00",
"last_revision_date": "2008-11-06T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20081105-vtp du 05 novembre 2008 :",
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20081105-vtp.shtml"
}
],
"reference": "CERTA-2008-AVI-542",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 permettant de r\u00e9aliser un d\u00e9ni de service depuis le\nr\u00e9seau local a \u00e9t\u00e9 d\u00e9couverte dans les produits Cisco.\n",
"title": "Vuln\u00e9rabilit\u00e9 des produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco num\u00e9ro 108203 du 05 novembre 2008",
"url": null
}
]
}