Cisco Bug: CSCur69036 - Cisco IOS Common Industrial Protocol Denial of Service Vulnerability

Last Modified

Aug 11, 2017

Products (1)

  • Cisco Industrial Ethernet 2000 Series Switches

Known Affected Releases

15.2(2.1.20)EA

Description (partial)

Symptom:
A vulnerability in the Common Industrial Protocol (CIP) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition.

The vulnerability is due to a failure to properly process an unusual, but valid, set of requests to an affected device. An attacker could exploit this vulnerability by submitting a CIP message request designed to trigger the vulnerability to an affected device. An exploit could cause the switch to stop processing traffic, requiring a restart of the device to regain functionality.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Conditions:
Devices running an affected version of Cisco IOS software.

Please see the Cisco IOS Software Checker:
http://tools.cisco.com/security/center/selectIOSVersion.x