Cisco Bug: CSCup10024 - Cisco IOS and Cisco IOS XE input queue holding Vulnerability

Last Modified

Nov 27, 2019

Products (1)

  • Cisco IOS

Known Affected Releases

15.4(1.14)T

Description (partial)

Symptom:
A vulnerability in the UDP processing code of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition.

The vulnerability is due to Cisco IOS Software application changes that create UDP sockets and leave the sockets idle without closing them. An attacker could exploit this vulnerability by sending UDP packets with a destination port of 0 to an affected device. A successful exploit could allow the attacker to cause UDP packets to be held in the input interface queue, resulting in a DoS condition. Once the input interface queue is holding 250 such packets it is full and stops accepting further packets (the queue wedge).

There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ios-udp
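A queue wedge of the kind described above is visible in the output of `show interfaces`: the input queue sits at its maximum (size equals max) and never drains, while the drop counter keeps climbing. The following Python script is an added example, not part of this bug entry or of any Cisco tooling. It parses constructed `show interfaces` output (the `Input queue: size/max/drops/flushes` line is the standard IOS format; the interface names, MAC addresses, counters and the 250-packet queue depth in the sample are made up to match the figure in the advisory) and flags interfaces whose input queue stays full across two polls with rising drops, which distinguishes a wedge from a transient burst.

```python
import re

# Constructed sample of IOS "show interfaces" output (not taken from a real
# device). Gi0/0 shows the signature of a wedged input queue: size equals
# max, so nothing is being dequeued, and the drop counter is climbing.
# Gi0/1 is healthy.
SAMPLE_T0 = """\
GigabitEthernet0/0 is up, line protocol is up
  Hardware is iGbE, address is 0011.2233.4455 (bia 0011.2233.4455)
  Input queue: 250/250/1893/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
GigabitEthernet0/1 is up, line protocol is up
  Hardware is iGbE, address is 0011.2233.4456 (bia 0011.2233.4456)
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
"""

# Second poll of the same device a little later (also constructed): the
# wedged queue is still pinned at 250/250 and has dropped more packets.
SAMPLE_T1 = SAMPLE_T0.replace("250/250/1893/0", "250/250/2410/0")

# Interface header line, e.g. "GigabitEthernet0/0 is up, line protocol is up"
INTERFACE_RE = re.compile(r"^(\S+) is (?:up|down|administratively down),")
# Standard IOS input-queue counter line
INPUT_QUEUE_RE = re.compile(
    r"Input queue: (\d+)/(\d+)/(\d+)/(\d+) \(size/max/drops/flushes\)"
)


def parse_input_queues(show_interfaces):
    """Map interface name -> (size, max, drops, flushes) for each input queue."""
    queues = {}
    current = None
    for line in show_interfaces.splitlines():
        m = INTERFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = INPUT_QUEUE_RE.search(line)
        if m and current:
            queues[current] = tuple(int(x) for x in m.groups())
    return queues


def full_input_queues(show_interfaces):
    """Interfaces whose input queue is currently full (size >= max)."""
    return sorted(
        ifc
        for ifc, (size, mx, _, _) in parse_input_queues(show_interfaces).items()
        if mx and size >= mx
    )


def confirmed_wedges(snapshot_a, snapshot_b):
    """Interfaces full in both polls whose drop counter kept rising.

    A single full queue can be a transient burst; a wedged queue never
    drains, so its size stays pinned at max across polls while the drop
    counter keeps increasing.
    """
    a = parse_input_queues(snapshot_a)
    b = parse_input_queues(snapshot_b)
    wedged = []
    for ifc in sorted(set(a) & set(b)):
        size_a, max_a, drops_a, _ = a[ifc]
        size_b, max_b, drops_b, _ = b[ifc]
        if max_a and size_a >= max_a and size_b >= max_b and drops_b > drops_a:
            wedged.append(ifc)
    return wedged


if __name__ == "__main__":
    for ifc in confirmed_wedges(SAMPLE_T0, SAMPLE_T1):
        print(f"{ifc}: input queue wedged, check for UDP traffic to dst port 0")
```

In practice the two snapshots come from polling the device (for example over SSH or SNMP) a minute or so apart; an interface reported by `confirmed_wedges` is a candidate for the advisory's workaround and for a capture of inbound UDP destined to port 0.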

Conditions:
This issue is tracked and fixed under several bug IDs; consult the advisory at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ios-udp for further details.

Affects devices running a default configuration. The table below lists the affected trains and the first fixed releases.

Cisco IOS Software
  15.1GC Train:        Vulnerable
  15.2GC Train:        Vulnerable
  15.2GCA Train:       Vulnerable
  15.4(3)M Train:      Vulnerable, first fixed in 15.4(3)M8
  15.4(2)T Train:      Vulnerable, first fixed in 15.4(2)T3
  15.6(2)S4:           Vulnerable

No other Cisco IOS Software trains/releases are affected.

Cisco IOS XE Software
  3.14S Train:         Vulnerable
  3.15S Train:         Vulnerable
  3.16S Train:         Vulnerable, first fixed in 3.16.6S
  3.16XB Train:        Vulnerable
  3.17S Train:         Vulnerable
  3.18S/SP Trains:     Vulnerable

No other Cisco IOS XE Software trains/releases are affected.

Cisco IOS XE 16.x Software
  16.1 Train:          Not Vulnerable
  16.2 Train:          Vulnerable
  16.3 Train:          Vulnerable, first fixed in 16.3.3
  16.4 and later:      Not Vulnerable