A vulnerability has been reported in Cisco IOS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when handling regular expressions containing repetition operators and pattern recalls. This can be exploited to cause a stack overflow by sending a command with specially crafted regular expressions to the command line interface.
Successful exploitation causes the device to crash and requires a reboot, but requires valid user credentials.
The vulnerability is reported in versions 12.0, 12.1, 12.2, 12.3, and 12.4.
Solution:
Restrict access to trusted people only.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment