Release date:
Updated on:
Affected Systems:
Cisco IOS 15.x
Unaffected system:
Cisco IOS 15.2 (3) T
Cisco IOS 15.2 (2) T1
Cisco IOS 15.2 (1) T2
Cisco IOS 15.2 (1) GC2
Cisco IOS 15.1 (4) M4
Cisco IOS 15.1 (3) T3
Cisco IOS 15.1 (2) GC2
Cisco IOS 15.1 (2) EY2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52751
Cve id: CVE-2012-1312, CVE-2012-1314
Cisco's Internet Operating System (IOS) is a complex operating system optimized for Internet connection. The Cisco Wide Area Application Services (WAAS) Express function optimizes the WAN bandwidth required to centrally place applications. Cisco Measurement, Aggregation, and Correlation Engine (MACE) is used to measure and analyze network packets.
The WAAS and MACE functions of Cisco IOS software have security vulnerabilities. They allow remote unauthenticated attackers to overload affected devices or leak memory.
<* Source: Cisco
Link: http://secunia.com/advisories/48595/
Http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-mace#iosxe
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20120328-mace # iosxe) and patches for this:
Cisco-sa-20120328-mace # iosxe: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-mace#iosxe