漏洞标题
N/A
漏洞描述信息
Cisco虚拟网关核心分布式实例(VPC-DI)软件19.2到21.0中的入侵UDP数据包处理功能的一个漏洞可能导致未授权的远程攻击者使受影响系统上的控制功能(CF)实例重新加载,从而产生拒绝服务(DoS)条件。该漏洞是由于受影响软件对用户数据的处理不足。攻击者可以通过向受影响系统上的CF实例的分布式实例(DI)网络地址发送精心构造的UDP包来利用此漏洞。一个成功的攻击将使攻击者导致受影响系统上的 unhandled 错误条件,从而使CF实例重新加载,进而使整个 VPC 重新加载,导致所有订阅者断开连接并导致受影响系统的 DoS 条件。这个漏洞只能通过IPv4流量进行利用。Cisco Bug ID: CSCvc01665 CSCvc35565。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending crafted UDP packets to the distributed instance (DI) network addresses of both CF instances on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability can be exploited via IPv4 traffic only. Cisco Bug IDs: CSCvc01665 CSCvc35565.
CVSS信息
N/A
漏洞类别
资源管理错误
漏洞标题
Cisco Virtualized Packet Core-Distributed Instance Software 资源管理错误漏洞
漏洞描述信息
Cisco Virtualized Packet Core-Distributed Instance(VPC-DI)Software是美国思科(Cisco)公司的一套被部署在专用硬件平台的StarOS软件的产品化版本。 Cisco VPC-DI Software中的ingress UDP数据包处理功能存在拒绝服务漏洞,该漏洞源于程序没有充分的处理用户提交的数据。远程攻击者可借助特制的UDP数据包利用该漏洞造成拒绝服务。以下产品和版本受到影响:Cisco Virtualized Packet Core-Di
CVSS信息
N/A
漏洞类别
资源管理错误