Multiple Remote Denial of Service Vulnerabilities in Cisco ios waas and MACE

Release date:
Updated on:

Affected Systems:
Cisco IOS 15.x
Unaffected system:
Cisco IOS 15.2 (3) T
Cisco IOS 15.2 (2) T1
Cisco IOS 15.2 (1) T2
Cisco IOS 15.2 (1) GC2
Cisco IOS 15.1 (4) M4
Cisco IOS 15.1 (3) T3
Cisco IOS 15.1 (2) GC2
Cisco IOS 15.1 (2) EY2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52751
Cve id: CVE-2012-1312, CVE-2012-1314

Cisco's Internet Operating System (IOS) is a complex operating system optimized for Internet connection. The Cisco Wide Area Application Services (WAAS) Express function optimizes the WAN bandwidth required to centrally place applications. Cisco Measurement, Aggregation, and Correlation Engine (MACE) is used to measure and analyze network packets.

The WAAS and MACE functions of Cisco IOS software have security vulnerabilities. They allow remote unauthenticated attackers to overload affected devices or leak memory.

<* Source: Cisco

Link: http://secunia.com/advisories/48595/
Http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-mace#iosxe

*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20120328-mace # iosxe) and patches for this:

Cisco-sa-20120328-mace # iosxe: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features

Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-mace#iosxe