CERTA-2004-AVI-067
Vulnerability from certfr_avis

None

Description

Selon Cisco, un utilisateur mal intentionné peut, au moyen d'un paquet habilement constitué envoyé à destination du port de supervision 5002/udp du commutateur, réaliser un déni de service par redémarrage à chaud du commutateur vulnérable.

Solution

Se référer au bulletin de sécurité du constructeur (cf. section Documentation) pour l'obtention d'un correctif.

Commutateurs Cisco CSS 11050, 11150, 11800 avec les versions du logiciel WebNS suivantes :

  • pour la série 5.0, versions de WebNS antérieures à la version 05.0(04.07)S ;
  • pour la série 6.10, versions de WebNS antérieures à la version 06.10(02.05)S.

Impacted products
Vendor Product Description
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eCommutateurs Cisco CSS 11050, 11150,  11800 avec les versions du logiciel WebNS suivantes :  \u003cUL\u003e    \u003cLI\u003epour la s\u00e9rie 5.0, versions de WebNS ant\u00e9rieures \u00e0 la    version 05.0(04.07)S ;\u003c/LI\u003e    \u003cLI\u003epour la s\u00e9rie 6.10, versions de WebNS ant\u00e9rieures \u00e0 la    version 06.10(02.05)S.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nSelon Cisco, un utilisateur mal intentionn\u00e9 peut, au moyen d\u0027un paquet\nhabilement constitu\u00e9 envoy\u00e9 \u00e0 destination du port de supervision\n5002/udp du commutateur, r\u00e9aliser un d\u00e9ni de service par red\u00e9marrage \u00e0\nchaud du commutateur vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 du constructeur (cf. section\nDocumentation) pour l\u0027obtention d\u0027un correctif.\n",
  "cves": [],
  "initial_release_date": "2004-03-05T00:00:00",
  "last_revision_date": "2004-03-05T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 \"Cisco CSS 11000  series Content services switches malformed UDP packet  vulnerability\" de Cisco :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040304-css.shtml"
    }
  ],
  "reference": "CERTA-2004-AVI-067",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-03-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": null,
  "title": "D\u00e9ni de service des commutateurs Cisco CSS 11000",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de Cisco",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.