Vigil@nce - Cisco IPS: multiple vulnerabilities
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Cisco IPS.
Impacted products: Cisco IPS
Severity: 2/4
Creation date: 19/02/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Cisco IPS.
An attacker can send fragmented IP packets for the Analysis
Engine, in order to trigger a denial of service. [severity:2/4;
BID-65665, CSCui91266, CVE-2014-0718]
An attacker can send a packet to the port 7000/tcp of
Control-Plane MainApp, in order to trigger a denial of service.
[severity:2/4; BID-65667, CSCui67394, CVE-2014-0719]
An attacker can send Jumbo Frames, in order to trigger a denial of
service. [severity:2/4; BID-65669, CSCuh94944, CVE-2014-0720]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-IPS-multiple-vulnerabilities-14283