Guest

Preview Tool

Cisco Bug: CSCut47751 - Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities

Last Modified

May 09, 2018

Products (1)

  • Cisco Catalyst 3850 Series Switches

Known Affected Releases

15.2(3.7.1) 15.5(3)

Description (partial)

Symptoms:
Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause
a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition.

These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these
vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a
buffer overflow condition or a reload of the affected device, leading to a DoS condition.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise

Conditions:
See published Cisco Security Advisory
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.