Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution

ITS Advisory Number: 2015-032
Date(s) Issued: Thursday, March 26, 2015
Subject: Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution
Overview: 
Multiple vulnerabilities have been discovered in several Cisco products, including Cisco IOS, Cisco IOS XE, Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers. These products provide firewall, intrusion prevention, remote access, and other services. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted TCP packet to the targeted device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. In addition, the attacker could also execute arbitrary code.
Systems Affected: 
  • Cisco IOS 15.4(3)SN1 and earlier versions
  • Cisco IOS XE Software 3.13S.0 and earlier versions

RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: High
BUSINESS
  • Large and medium business entities: High
  • Small business entities: High
Home Users: N/A
Description: 

Cisco products are prone to multiple vulnerabilities that could allow for remote code execution or denial of service. These vulnerabilities are as follows:

  • Cisco IOS Software is prone to multiple vulnerabilities that could allow for denial of service. These vulnerabilities are as follows:
    • A vulnerability within the virtual routing and forwarding (VRF) subsystem of Cisco IOS software could allow an attacker to cause a denial of service (DoS) condition. (CVE-2015-0638)
    • Multiple vulnerabilities in how Cisco IOS processes crafted Common Industrial Protocol (CIP) IP version 4 (IPv4) packets that could allow an attacker to cause a denial of service (DoS) condition. (CVE-2015-0647, CVE-2015-0648, CVE-2015-0649)
  • Cisco IOS and IOS XE are prone to multiple vulnerabilities that could allow for denial of service. These vulnerabilities are as follows:
    • Multiple vulnerabilities in the Autonomic Networking Infrastructure (ANI) feature that could allow an attacker to spoof an Autonomic Networking Registration Authority (ANRA) response and cause a denial of service (DoS) condition. (CVE-2015-0635, CVE-2015-0636, CVE-2015-0637)
    • Multiple vulnerabilities within the Internet Key Exchange (IKE) version 2 subsystem that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. (CVE-2015-0642, CVE-2015-0643)
    • A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to reload the vulnerable device. (CVE-2015-0650)
    • A vulnerability in the TCP input module of Cisco IOS and Cisco IOS XE Software that could allow an attacker to cause a memory leak and eventual reload of the affected device. (CVE-2015-0646)
  • Cisco IOS XE software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers is prone to multiple vulnerabilities that could allow for denial of service or remote code execution. These vulnerabilities are as follows:
    • A vulnerability in the high-speed logging (HSL) functionality that could allow an attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. (CVE-2015-0640)
    • A vulnerability in the AppNav component that could allow an unauthenticated, remote attacker to cause an affected device to reload and may allow arbitrary code execution on the affected system. (CVE-2015-0644)
    • A vulnerability in IP version 6 (IPv6) parsing that could allow an attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. (CVE-2015-0641)
    • A vulnerability in the Layer 4 Redirect (L4R) processing code that could allow an attacker to cause a reload of the affected device. (CVE-2015-0645)
    • A vulnerability in the Common Flow Table (CFT) processing that could allow an attacker to cause a reload of the affected device. (CVE-2015-0639)

An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted TCP packet to the targeted device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. In addition, the attacker could also execute arbitrary code.

Actions: