Cisco IOS Software RADIUS client Denial of Service Vulnerability (CVE-2015-6263)
Cisco IOS Software RADIUS client Denial of Service Vulnerability (CVE-2015-6263)
Release date:
Updated on:
Affected Systems:
Cisco IOS 15.4 (3) M2.2
Description:
CVE (CAN) ID: CVE-2015-6263
Cisco IOS is an interconnected network operating system used on most Cisco system routers and network switches.
The RADIUS client function of Cisco IOS Software has a security vulnerability that can cause authenticated remote attackers to overload affected devices. This vulnerability is caused by incorrect parsing of malformed RADIUS packets returned by the RADIUS server.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151005-ios-radius
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20151005-ios-radius) and patches for this:
Cisco IOS Software RADIUS Client Denial of Service Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151005-ios-radius
This article permanently updates the link address: