Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time. The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device. An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process to be dropped while the process is restarting. The npusim process typically restarts within less than a second. This vulnerability affects: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI), Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
多款Cisco产品Cisco StarOS 输入验证漏洞
Vulnerability Description
Cisco Virtualized Packet Core-Single Instance(VPC-SI)、Virtualized Packet Core-Distributed Instance(VPC-DI)和Ultra Packet Core(UPC)都是美国思科(Cisco)公司的被部署在专用硬件平台的StarOS软件的产品化版本。Cisco StarOS是其中的一套虚拟化操作系统。 多款Cisco产品中的Cisco StarOS中对IPv4数据包片段的组装逻辑存在输入验证漏洞,该漏洞源于程序没有
CVSS Information
N/A
Vulnerability Type
N/A