Cisco IOS/ios xe Software BGP Message Denial of Service Vulnerability (CVE-2016-1459)
Cisco IOS/ios xe Software BGP Message Denial of Service Vulnerability (CVE-2016-1459)
Release date:
Updated on:
Affected Systems:
Cisco IOS 15.0-15.5
Cisco IOS 12.4
Cisco ios xe 3.13-3.17
Cisco IOS XE
Description:
CVE (CAN) ID: CVE-2016-1459
Cisco IOS is an interconnected network operating system used on most Cisco system routers and network switches.
The BGP message processing function of Cisco IOS 12.4, 15.0-15.5, and ios xe 3.13-3.17 does not properly process the constructed BGP attributes. Attackers can overload the affected devices.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160715-bgp
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20160715-bgp) and patches for this:
Cisco-sa-20160715-bgp: Cisco IOS and ios xe Software Border Gateway Protocol Message Processing Denial of Service Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160715-bgp
This article permanently updates the link address: