Vigil@nce - Cisco IOS: denial of service via Zone-Based Firewall Kernel Timer
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send malicious data to the Zone-Based Firewall of
Cisco IOS, in order to trigger a denial of service.
– Impacted products: IOS, Cisco Router xx00 Series
– Severity: 2/4
– Creation date: 10/02/2015
DESCRIPTION OF THE VULNERABILITY
The Cisco IOS product offers a Zone-Based Firewall feature.
However, when malicious traffic is received, a fatal error
occurs in the management of kernel timers. Technical details are
unknown.
An attacker can therefore send malicious data to the Zone-Based
Firewall of Cisco IOS, in order to trigger a denial of service.