N/A

The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.

N/A

N/A

多款Cisco产品OSPF路由协议安全绕过漏洞

Cisco IOS、IOS-XE、ASA、FWSM和NX-OS都是美国思科（Cisco）公司的产品。IOS、IOS-XE和NX-OS都是为其网络设备开发的操作系统。ASA和FWSM都是防火墙设备。 多款Cisco产品中的OSPF路由协议LSA数据库的实现中存在安全漏洞，该漏洞源于程序在LSA数据库上执行操作之前没有正确验证Link State Advertisement (LSA) type 1报文。远程攻击者可通过发送特制单播或多播报文利用该漏洞造成拒绝服务（路由中断）或获得敏感的报文信息。以下产品及版

N/A

N/A