Vigil@nce - Cisco 2900 Series ISR: denial of service via NBAR
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malicious IPv4 packet to a Cisco 2900 Series
ISR with NBAR, in order to trigger a denial of service.
– Impacted products: IOS, Cisco Router xx00 Series
– Severity: 2/4
– Creation date: 27/01/2015
DESCRIPTION OF THE VULNERABILITY
The Cisco 2900 Series Integrated Services Router product
implements NBAR (Network-Based Application Recognition), which
recognizes traffic streams in order to apply different policies
to them.
However, a malicious IPv4 packet locks the NBAR process. Technical
details are unknown.
An attacker can therefore send a malicious IPv4 packet to a Cisco
2900 Series ISR with NBAR, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-2900-Series-ISR-denial-of-service-via-NBAR-16057