ESB-2018.2627.2 - UPDATE [Cisco] Cisco Products: Denial of service - Remote/unauthenticated 2018-09-14


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2018.2627.2
           Linux Kernel IP Fragment Reassembly Denial of Service
                  Vulnerability Affecting Cisco Products
                             14 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Products
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-5391  

Reference:         ESB-2018.2612
                   ESB-2018.2468
                   ESB-2018.2457
                   ESB-2018.2342

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-ip-fragment

Revision History:  September 14 2018: Vendor updated lists of products that are 
                                        vulnerable, not vulnerable, under 
                                        investigation and fixed releases
                   September  5 2018: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory

Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability Affecting
Cisco Products: August 2018

Severity: High
Advisory ID: cisco-sa-20180824-linux-ip-fragment
First Published: 2018 August 24 21:30 GMT
Last Updated: 2018 September 13 18:41 GMT
Version 1.7: Interim
Workarounds: Yes

CVE-2018-5391
CWE-400

Summary

  o On August 14, 2018, the Vulnerability Coordination team of the National
    Cyber Security Centre of Finland (NCSC-FI) and the CERT Coordination Center
    (CERT/CC) disclosed a vulnerability in the IP stack that is used by the
    Linux Kernel. This vulnerability is publicly known as FragmentSmack.

    The vulnerability could allow an unauthenticated, remote attacker to cause
    a denial of service (DoS) condition on an affected device. An attack could
    be executed by an attacker who can submit a stream of fragmented IPv4 or
    IPv6 packets that are designed to trigger the issue on an affected device.

    The vulnerability is due to inefficient IPv4 and IPv6 fragment reassembly
    algorithms in the IP stack that is used by the affected kernel. Linux
    Kernel Versions 3.9 and later are known to be affected by this
    vulnerability.

    This advisory will be updated as additional information becomes available.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20180824-linux-ip-fragment

Affected Products

  o Cisco is investigating its product line to determine which products and
    services may be affected by this vulnerability. The investigation is
    focusing primarily on Cisco products that use Linux Kernel Version 3.9 or
    later.

    The "Vulnerable Products" section of this advisory includes Cisco bug IDs
    for each affected product or service. The bugs are accessible through the
    Cisco Bug Search Tool and contain additional platform-specific information,
    including workarounds (if available) and fixed software releases.

    Any product or service not listed in the "Products Under Investigation" or
    "Vulnerable Products" section of this advisory is to be considered not
    vulnerable. Because this is an ongoing investigation, be aware that
    products and services that are currently considered not vulnerable may
    subsequently be considered vulnerable as additional information becomes
    available.

    Products Under Investigation

    The following products are under active investigation to determine whether
    they are affected by the vulnerability that is described in this advisory.

    Routing and Switching - Enterprise and Service Provider
      - Cisco ASR 5000 Series Routers
      - Cisco Application Policy Infrastructure Controller (APIC) - Enterprise
        module
      - Cisco Nexus 7000 Series Switches

    Voice and Unified Communications Devices
      - Cisco Webex Video Mesh Node
      - Cisco Webex Hybrid Data Security Node


    Vulnerable Products

    The following table lists Cisco products that are affected by the
    vulnerability that is described in this advisory:

    Product                             Cisco Bug  Fixed Release Availability

    *Collaboration and Social Media
    
    Cisco SocialMiner                   CSCvk78929
    
    *Network Application, Service, and Acceleration
 
    Cisco Cloud Services Platform 2100  CSCvm15451
    Cisco Tetration Analytics           CSCvm15463
    Cisco vEdge 100 Series Routers      CSCvm15501
    Cisco vEdge 1000 Series Routers     CSCvm15501
    Cisco vEdge 2000 Series Routers     CSCvm15501
    Cisco vEdge 5000 Series Routers     CSCvm15501
    Cisco vEdge Cloud Router Platform   CSCvm15501

    *Network and Content Security Devices

    Cisco FireSIGHT System Software     CSCvm10968
    Cisco Firepower Management Center   CSCvm10968
    Cisco Firepower Threat Defense      CSCvm05464 6.2.3-99 (FTD Virtual for
    (FTD) Software                                 the Microsoft Azure Cloud -
                                                   Available)
    Cisco Firepower eXtensible          CSCvm21278
    Operating System (FXOS) Software
    Cisco Identity Services Engine      CSCvm15495
    (ISE)
    Cisco Secure Access Control System  CSCvm09119
    (ACS)
    Cisco Threat Grid Appliance         CSCvm15448 2.5 (Sept-2018)
    Cisco Umbrella Virtual Appliance    CSCvm15497
                        
    *Network Management and Provisioning
    
    Cisco CloudCenter                   CSCvm40406
    Cisco Elastic Service Controller    CSCvm15475
    (ESC)
    Cisco Enterprise Service Automation CSCvm15467 No Fix Expected - EoL
    Cisco Evolved Programmable Network  CSCvm18160
    Manager
    Cisco Meeting Server                CSCvm15488
    Cisco Network Analysis Module       CSCvm15477
    Cisco Policy Suite                  CSCvm15802
    Cisco Prime Collaboration Assurance CSCvm15480 11.6 es19 (Oct-2018)
                                                   12.1 sp2 (Oct-2018)
    Cisco Prime Collaboration           CSCvm15504
    Deployment
    Cisco Prime Collaboration           CSCvm15479
    Provisioning
    Cisco Prime Infrastructure          CSCvm15478
    Cisco Prime Network Registrar       CSCvm15471
    Virtual Appliance
    Cisco Prime Service Catalog Virtual CSCvm15492
    Appliance
    Cisco Virtual Topology System -     CSCvm21613 2.6.2 (Sept-2018)
    Virtual Topology Controller (VTC)
    VM
    Cisco Virtual Topology System -     CSCvm21614 Consult the Cisco bug ID for
    Virtual Topology Forwarder (VTF) VM            details
              
    *Routing and Switching - Enterprise and Service Provider

    Cisco ACI Virtual Edge              CSCvm15456
    Cisco Application Policy            CSCvm15454
    Infrastructure Controller (APIC)
    Cisco DNA Center                    CSCvm15474
    Cisco IOS XE Software               CSCvm09121 16.10.1 (Oct-2018)
                                                   16.9.2 (Oct-2018)
                                                   16.6.5 (Feb-2019)
                                                   16.3.8 (Jan-2019)
    Cisco IOx Fog Director              CSCvm15498
    Cisco MDS 9000 Series Multilayer    CSCvm15459
    Switches
    Cisco Network Assurance Engine      CSCvm15450
    Cisco Nexus 3000 Series Switches    CSCvm09117
    Cisco Nexus 9000 Series Fabric      CSCvm15457
    Switches - ACI mode
    Cisco Nexus 9000 Series Switches -  CSCvm09117
    Standalone, NX-OS mode

    *Unified Computing

    Cisco Enterprise NFV Infrastructure CSCvm15500
    Software (NFVIS)
    Cisco HyperFlex System              CSCvm15800
    Cisco UCS B-Series M5 Blade Servers CSCvm18261
    - Integrated Management Controller
    Cisco UCS Standalone C-Series M5    CSCvm15466
    Rack Server - Integrated Management
    Controller
    
    *Voice and Unified Communications Devices

    Cisco Emergency Responder           CSCvm15507
    Cisco Finesse                       CSCvk78931
    Cisco IP Phone 7800 Series with     CSCvm24442
    Multiplatform Firmware
    Cisco IP Phone 7800 Series          CSCvm15510
    Cisco IP Phone 7832 with            CSCvm24440
    Multiplatform Firmware
    Cisco IP Phone 8800 Series with     CSCvm24436
    Multiplatform Firmware
    Cisco IP Phone 8800 Series          CSCvm21280
    Cisco MediaSense                    CSCvk78932
    Cisco Paging Server                 CSCvm15509 12.5.1 (Nov-2018)
    Cisco Unified Communications Domain CSCvm15505
    Manager
    Cisco Unified Communications        CSCvm15508
    Manager IM & Presence Service
    (formerly CUPS)
    Cisco Unified Communications        CSCvm15503
    Manager Session Management Edition
    Cisco Unified Communications        CSCvm15503
    Manager
    Cisco Unified Contact Center        CSCvk78928
    Enterprise - Live Data server
    Cisco Unified Contact Center        CSCvm15506
    Express
    Cisco Unified Intelligence Center   CSCvk78927
    Cisco Unity Connection              CSCvm15803
    Cisco Virtualized Voice Browser     CSCvk78933
    Cisco Webex Meetings Server         CSCvm44844 2.8 MR3 (Nov-2018)
              
    *Video, Streaming, TelePresence, and Transcoding Devices

    Cisco Expressway Series             CSCvm15491
    Cisco Meeting Management            CSCvm15483
    Cisco TelePresence Conductor        CSCvm15486
    Cisco TelePresence Integrator C     CSCvm15489
    Series
    Cisco TelePresence MX Series        CSCvm15489
    Cisco TelePresence Profile Series   CSCvm15489
    Cisco TelePresence SX80 Codec       CSCvm15489
    Cisco TelePresence Server on        CSCvm15490
    Virtual Machine
    Cisco TelePresence System EX Series CSCvm15489
    Cisco TelePresence Video            CSCvm15491
    Communication Server (VCS)
    Cisco Video Surveillance 8000       CSCvm15494
    Series IP Cameras
    Cisco Webex Room Kit                CSCvm15489

    *Wireless

    Cisco Aironet 1560 Series Access    CSCvm15469
    Points
    Cisco Aironet 1815 Series Access    CSCvm15469
    Points
    Cisco Aironet 2800 Series Access    CSCvm15469
    Points
    Cisco Aironet 3800 Series Access    CSCvm15469
    Points
    Cisco Mobility Services Engine      CSCvm15476
    Cisco Wireless LAN Controller       CSCvm15482

   
    Products Confirmed Not Vulnerable

    Only products and services listed in the "Vulnerable Products" section of
    this advisory are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    products and services.

    Network and Content Security Devices
      - Cisco Adaptive Security Appliance (ASA) Software
      - Cisco Adaptive Security Virtual Appliance (ASAv)

    Network Management and Provisioning
      - Cisco Prime Optical

    Routing and Switching - Enterprise and Service Provider
      - Cisco IOS XRv 9000 Router, Cisco ASR 9000 Series Aggregation Services
        Routers - Running Cisco IOS XR 64-bit (eXR) Software
      - Cisco Network Convergence System 1000 Series Routers
      - Cisco Network Convergence System 5000 Series Routers
      - Cisco Network Convergence System 5500 Series Routers
      - Cisco Network Convergence System 6000 Series Routers
      - Cisco Nexus 1000V Series Switches

    Unified Computing
      - Cisco UCS Fabric Interconnects

    Voice and Unified Communications Devices
      - Cisco IP Phone 8845 with Multiplatform Firmware
      - Cisco IP Phone 8865 with Multiplatform Firmware
      - Cisco Unified IP 8831 Conference Phone for Third-Party Call Control
      - Cisco Wireless IP Phone 8821

    Wireless
      - Cisco Aironet 1810 Series OfficeExtend Access Points
      - Cisco Aironet 1810w Series Access Points
      - Cisco Aironet 1830 Series Access Points
      - Cisco Aironet 1850 Series Access Points

Workarounds

  o Any workarounds will be documented in product-specific Cisco bugs, which
    are identified in the "Vulnerable Products" section of this advisory.

    In many cases, platform-dependent workarounds may be available.
    Administrators may be able to leverage access control lists (ACLs), Control
    Plane Policing (CoPP), or other rate limiting measures to control the flow
    of fragmented packets that reach an affected interface. Off-device
    mitigations, such as external firewalls or infrastructure ACLs on edge
    devices, may also effectively control the flow of IP fragments that are
    directed to management interfaces or control planes of downstream affected
    devices.
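The following Python is an added example; it is not part of the Cisco advisory and not Cisco code. It models the two points made above: the attack traffic is a stream of IP fragments, and the on-device mitigation is to classify fragments at the IP header and rate-limit them per source, which is what an extended ACL entry using the IOS `fragments` keyword does when placed in a Control Plane Policing class with a `police` action. One caveat a practitioner needs: the IOS `fragments` keyword matches only non-initial fragments (fragment offset greater than zero); the initial fragment, which carries the Layer 4 header, is matched by ordinary access control entries, and the classifier below follows the same rule. All packets are constructed inline on documentation addresses; the `FragmentPolicer` class, the 100-fragments-per-second limit and the packet builder are the example's own assumptions, not anything from the advisory or from a Cisco platform.

```python
"""Fragment classification and per-source fragment policing in software.

Added example, not Cisco code. It mimics an IOS extended ACL entry with the
'fragments' keyword (matches non-initial fragments only) placed in a Control
Plane Policing (CoPP) class with a 'police' action. Addresses, limits and
names are the example's own assumptions; all packets are constructed inline.
"""
import struct
from collections import defaultdict

IPV4_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte header, no options
MF_FLAG = 0x2000            # "more fragments" bit
OFFSET_MASK = 0x1FFF        # 13-bit fragment offset, in 8-octet units


def build_ipv4(src, dst, ident, mf, offset_units, payload_len=8, proto=17):
    """Construct a minimal IPv4 packet (constructed test input, not a capture).
    The header checksum is left zero; nothing here verifies it."""
    flags_frag = (MF_FLAG if mf else 0) | (offset_units & OFFSET_MASK)
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    header = struct.pack(IPV4_HDR, 0x45, 0, 20 + payload_len, ident,
                         flags_frag, 64, proto, 0, src_b, dst_b)
    return header + b"\x00" * payload_len


def parse_ipv4(packet):
    """Decode the header fields an ACL uses to classify a fragment.
    is_fragment: MF set or offset > 0 (any piece of a fragmented datagram).
    non_initial: offset > 0 (exactly what the IOS 'fragments' keyword matches).
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, _total_len, ident, flags_frag, _ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_HDR, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    mf = bool(flags_frag & MF_FLAG)
    offset = (flags_frag & OFFSET_MASK) * 8
    return {
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "id": ident, "proto": proto, "mf": mf, "offset": offset,
        "is_fragment": mf or offset > 0,
        "non_initial": offset > 0,
    }


class FragmentPolicer:
    """Fixed-window limit on non-initial fragments per source address.
    Packets that are not non-initial fragments are never counted, so ordinary
    traffic is unaffected; once a source exceeds the limit inside a window its
    further fragments in that window are dropped."""

    def __init__(self, max_frags_per_window, window_s=1.0):
        self.limit = max_frags_per_window
        self.window_s = window_s
        self.seen = defaultdict(int)     # (src, window index) -> fragments
        self.dropped = defaultdict(int)  # src -> fragments dropped

    def admit(self, packet, now):
        hdr = parse_ipv4(packet)
        if not hdr["non_initial"]:
            return True
        key = (hdr["src"], int(now // self.window_s))
        self.seen[key] += 1
        if self.seen[key] > self.limit:
            self.dropped[hdr["src"]] += 1
            return False
        return True


def run_demo():
    """Constructed traffic on documentation addresses: one host sends a
    3000-byte datagram as three in-order fragments; a flood source sends 500
    tiny out-of-order fragments with distinct IDs that never complete, a
    stream of fragments of the kind the advisory describes. Returns
    per-source counts of admitted and dropped fragments."""
    policer = FragmentPolicer(max_frags_per_window=100, window_s=1.0)
    admitted = defaultdict(int)
    legit = [
        build_ipv4("192.0.2.10", "198.51.100.1", 0x1234, True, 0, 1480),
        build_ipv4("192.0.2.10", "198.51.100.1", 0x1234, True, 185, 1480),
        build_ipv4("192.0.2.10", "198.51.100.1", 0x1234, False, 370, 40),
    ]
    flood = [
        build_ipv4("203.0.113.5", "198.51.100.1", 0x4000 + i, True,
                   1 + (i * 7) % 1000)
        for i in range(500)
    ]
    for i, pkt in enumerate(legit + flood):
        src = parse_ipv4(pkt)["src"]
        if policer.admit(pkt, now=i * 0.001):  # all within one window
            admitted[src] += 1
    return dict(admitted), dict(policer.dropped)


if __name__ == "__main__":
    print(run_demo())
```

Running `run_demo()` shows the legitimate host's three fragments all admitted while the flood source is capped at the configured limit and its remaining 400 fragments dropped within the one-second window. On a real device the limit is the `police` rate in the CoPP policy, and it has to be tuned to the platform's expected volume of legitimate fragmented traffic, because large DNS responses, some VPN and NFS traffic also arrive as fragments and will be counted by the same class.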

Fixed Software

  o For information about fixed software releases, consult the Cisco bugs
    identified in the "Vulnerable Products" section of this advisory.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    TAC or their contracted maintenance providers.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any malicious use of the vulnerability that is described in this advisory.

Source

  o This vulnerability was reported by Juha-Matti Tilli, of the Aalto
    University Department of Communications and Networking, and Nokia Bell
    Labs.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

  o Subscribe

Related to This Advisory

  o Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20180824-linux-ip-fragment

Revision History

  o 
    +---------+-----------------------+-------------+---------+-------------------+
    | Version |      Description      |   Section   | Status  |       Date        |
    +---------+-----------------------+-------------+---------+-------------------+
    |         | Updated the lists of  |             |         |                   |
    |         | products under        | Affected    |         |                   |
    |         | investigation,        | Products,   |         |                   |
    |         | vulnerable products,  | Vulnerable  |         |                   |
    | 1.7     | and products          | Products,   | Interim | 2018-September-13 |
    |         | confirmed not         | Products    |         |                   |
    |         | vulnerable. Updated   | Confirmed   |         |                   |
    |         | information about     | Not         |         |                   |
    |         | fixed release         | Vulnerable  |         |                   |
    |         | availability.         |             |         |                   |
    +---------+-----------------------+-------------+---------+-------------------+
    |         | Updated the lists of  |             |         |                   |
    |         | products under        | Affected    |         |                   |
    |         | investigation,        | Products,   |         |                   |
    |         | vulnerable products,  | Vulnerable  |         |                   |
    | 1.6     | and products          | Products,   | Interim | 2018-September-10 |
    |         | confirmed not         | Products    |         |                   |
    |         | vulnerable. Updated   | Confirmed   |         |                   |
    |         | information about     | Not         |         |                   |
    |         | fixed release         | Vulnerable  |         |                   |
    |         | availability.         |             |         |                   |
    +---------+-----------------------+-------------+---------+-------------------+
    |         | Updated the lists of  |             |         |                   |
    |         | products under        | Affected    |         |                   |
    |         | investigation,        | Products,   |         |                   |
    |         | vulnerable products,  | Vulnerable  |         |                   |
    | 1.5     | and products          | Products,   | Interim | 2018-September-06 |
    |         | confirmed not         | Products    |         |                   |
    |         | vulnerable. Updated   | Confirmed   |         |                   |
    |         | information about     | Not         |         |                   |
    |         | fixed release         | Vulnerable  |         |                   |
    |         | availability.         |             |         |                   |
    +---------+-----------------------+-------------+---------+-------------------+
    |         | Updated the lists of  | Affected    |         |                   |
    | 1.4     | products under        | Products,   | Interim | 2018-September-04 |
    |         | investigation and     | Vulnerable  |         |                   |
    |         | vulnerable products.  | Products    |         |                   |
    +---------+-----------------------+-------------+---------+-------------------+
    |         | Updated the lists of  |             |         |                   |
    |         | products under        | Affected    |         |                   |
    |         | investigation,        | Products,   |         |                   |
    |         | vulnerable products,  | Vulnerable  |         |                   |
    | 1.3     | and products          | Products,   | Interim | 2018-August-30    |
    |         | confirmed not         | Products    |         |                   |
    |         | vulnerable. Updated   | Confirmed   |         |                   |
    |         | information about     | Not         |         |                   |
    |         | fixed release         | Vulnerable  |         |                   |
    |         | availability.         |             |         |                   |
    +---------+-----------------------+-------------+---------+-------------------+
    |         | Updated the lists of  |             |         |                   |
    |         | products under        | Affected    |         |                   |
    |         | investigation,        | Products,   |         |                   |
    |         | vulnerable products,  | Vulnerable  |         |                   |
    | 1.2     | and products          | Products,   | Interim | 2018-August-29    |
    |         | confirmed not         | Products    |         |                   |
    |         | vulnerable. Updated   | Confirmed   |         |                   |
    |         | information about     | Not         |         |                   |
    |         | fixed release         | Vulnerable  |         |                   |
    |         | availability.         |             |         |                   |
    +---------+-----------------------+-------------+---------+-------------------+
    |         | Updated the lists of  | Affected    |         |                   |
    |         | products under        | Products,   |         |                   |
    |         | investigation,        | Vulnerable  |         |                   |
    | 1.1     | vulnerable products,  | Products,   | Interim | 2018-August-28    |
    |         | and products          | Products    |         |                   |
    |         | confirmed not         | Confirmed   |         |                   |
    |         | vulnerable.           | Not         |         |                   |
    |         |                       | Vulnerable  |         |                   |
    +---------+-----------------------+-------------+---------+-------------------+
    | 1.0     | Initial public        | --          | Interim | 2018-August-24    |
    |         | release.              |             |         |                   |
    +---------+-----------------------+-------------+---------+-------------------+

Legal Disclaimer

  o THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND
    OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR
    FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT
    OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES
    THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO
    UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE.

    A standalone copy or paraphrase of the text of this document that omits the
    distribution URL is an uncontrolled copy and may lack important information
    or contain factual errors. The information in this document is intended for
    end users of Cisco products.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.


Related to This Advisory

  o Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability



- --------------------------------------------------------------------------------



Cisco Security Advisory

Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability Affecting
Cisco Products: August 2018

High
Advisory ID:      cisco-sa-20180824-linux-ip-fragment
First Published:  2018 August 24 21:30 GMT
Last Updated:     2018 September 4 18:38 GMT
Version 1.4:      Interim
Workarounds:      Yes

CVE-2018-5391
CWE-400

Summary

  * On August 14, 2018, the Vulnerability Coordination team of the National
    Cyber Security Centre of Finland (NCSC-FI) and the CERT Coordination Center
    (CERT/CC) disclosed a vulnerability in the IP stack that is used by the
    Linux Kernel. This vulnerability is publicly known as FragmentSmack.

    The vulnerability could allow an unauthenticated, remote attacker to cause
    a denial of service (DoS) condition on an affected device. An attack could
    be executed by an attacker who can submit a stream of fragmented IPv4 or
    IPv6 packets that are designed to trigger the issue on an affected device.

    The vulnerability is due to inefficient IPv4 and IPv6 fragment reassembly
    algorithms in the IP stack that is used by the affected kernel. Linux
    Kernel Versions 3.9 and later are known to be affected by this
    vulnerability.

    This advisory will be updated as additional information becomes available.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20180824-linux-ip-fragment

Affected Products

  * Cisco is investigating its product line to determine which products and
    services may be affected by this vulnerability. The investigation is
    focusing primarily on Cisco products that use Linux Kernel Version 3.9 or
    later.

    The "Vulnerable Products" section of this advisory includes Cisco bug IDs
    for each affected product or service. The bugs are accessible through the
    Cisco Bug Search Tool and contain additional platform-specific information,
    including workarounds (if available) and fixed software releases.

    Any product or service not listed in the "Products Under Investigation" or
    "Vulnerable Products" section of this advisory is to be considered not
    vulnerable. Because this is an ongoing investigation, be aware that
    products and services that are currently considered not vulnerable may
    subsequently be considered vulnerable as additional information becomes
    available.

    Products Under Investigation

    The following products are under active investigation to determine whether
    they are affected by the vulnerability that is described in this advisory.

    Network and Content Security Devices
      + Cisco Firepower eXtensible Operating System (FXOS) Software
      + Cisco Threat Grid Appliance

    Network Management and Provisioning
      + Cisco Enterprise Service Automation
      + Cisco Prime Optical
      + Cisco Virtual Topology System (formerly Cisco Virtual Systems
        Operations Center)

    Routing and Switching - Enterprise and Service Provider
      + Cisco ASR 5000 Series Routers
      + Cisco Application Policy Infrastructure Controller (APIC) - Enterprise
        module
      + Cisco IOS XRv 9000 Router, Cisco ASR 9000 Series Aggregation Services
        Routers - Running Cisco IOS XR 64-bit (eXR) Software
      + Cisco Network Convergence System 1000 Series Routers
      + Cisco Network Convergence System 5000 Series Routers
      + Cisco Network Convergence System 5500 Series Routers
      + Cisco Network Convergence System 6000 Series Routers
      + Cisco Nexus 7000 Series Switches
      + Cisco Nexus 9000 Series Fabric Switches - ACI mode

    Unified Computing
      + Cisco HyperFlex System

    Voice and Unified Communications Devices
      + Cisco IP Phone 7800 Series with Multiplatform Firmware
      + Cisco IP Phone 8800 Series with Multiplatform Firmware
      + Cisco Wireless IP Phone 8821


    Vulnerable Products

    The following table lists Cisco products that are affected by the
    vulnerability that is described in this advisory:

    Product                                         Cisco Bug  Fixed Release Availability
                          Collaboration and Social Media
    Cisco SocialMiner                               CSCvk78929
                  Network Application, Service, and Acceleration
    Cisco Cloud Services Platform 2100              CSCvm15451
    Cisco Tetration Analytics                       CSCvm15463
    Cisco vEdge 100 Series Routers                  CSCvm15501
    Cisco vEdge 1000 Series Routers                 CSCvm15501
    Cisco vEdge 2000 Series Routers                 CSCvm15501
    Cisco vEdge 5000 Series Routers                 CSCvm15501
    Cisco vEdge Cloud Router Platform               CSCvm15501
                       Network and Content Security Devices
    Cisco FireSIGHT System Software                 CSCvm10968
    Cisco Firepower Threat Defense (FTD) Software   CSCvm05464
    Cisco Identity Services Engine (ISE)            CSCvm15495
    Cisco Secure Access Control System (ACS)        CSCvm09119
    Cisco Umbrella Virtual Appliance                CSCvm15497
                        Network Management and Provisioning
    Cisco Elastic Service Controller (ESC)          CSCvm15475
    Cisco Evolved Programmable Network Manager      CSCvm18160
    Cisco Meeting Server                            CSCvm15488
    Cisco Network Analysis Module                   CSCvm15477
    Cisco Policy Suite                              CSCvm15802
    Cisco Prime Collaboration Assurance             CSCvm15480 11.6 es19
                                                               (Oct-2018)
                                                               12.1 sp2
                                                               (Oct-2018)
    Cisco Prime Collaboration Deployment            CSCvm15504
    Cisco Prime Collaboration Provisioning          CSCvm15479
    Cisco Prime Infrastructure                      CSCvm15478
    Cisco Prime Network Registrar Virtual Appliance CSCvm15471
    Cisco Prime Service Catalog Virtual Appliance   CSCvm15492
              Routing and Switching - Enterprise and Service Provider
    Cisco ACI Virtual Edge                          CSCvm15456
    Cisco Application Policy Infrastructure         CSCvm15454
    Controller (APIC)
    Cisco DNA Center                                CSCvm15474
    Cisco IOS XE Software                           CSCvm09121
    Cisco IOx Fog Director                          CSCvm15498
    Cisco MDS 9000 Series Multilayer Switches       CSCvm15459
    Cisco Network Assurance Engine                  CSCvm15450
    Cisco Nexus 3000 Series Switches                CSCvm09117
    Cisco Nexus 9000 Series Switches - Standalone,  CSCvm09117
    NX-OS mode
                                 Unified Computing
    Cisco Enterprise NFV Infrastructure Software    CSCvm15500
    (NFVIS)
    Cisco UCS B-Series M5 Blade Servers -           CSCvm18261
    Integrated Management Controller
    Cisco UCS Standalone C-Series M5 Rack Server -  CSCvm15466
    Integrated Management Controller
                     Voice and Unified Communications Devices
    Cisco Emergency Responder                       CSCvm15507
    Cisco Finesse                                   CSCvk78931
    Cisco IP Phone 7800 Series                      CSCvm15510
    Cisco IP Phone 8800 Series                      CSCvm21280
    Cisco MediaSense                                CSCvk78932
    Cisco Paging Server                             CSCvm15509 12.5.1
                                                               (Nov-2018)
    Cisco Unified Communications Domain Manager     CSCvm15505
    Cisco Unified Communications Manager IM &       CSCvm15508
    Presence Service (formerly CUPS)
    Cisco Unified Communications Manager Session    CSCvm15503
    Management Edition
    Cisco Unified Communications Manager            CSCvm15503
    Cisco Unified Contact Center Enterprise - Live  CSCvk78928
    Data server
    Cisco Unified Contact Center Express            CSCvm15506
    Cisco Unified Intelligence Center               CSCvk78927
    Cisco Unity Connection                          CSCvm15803
    Cisco Virtualized Voice Browser                 CSCvk78933
              Video, Streaming, TelePresence, and Transcoding Devices
    Cisco Expressway Series                         CSCvm15491
    Cisco Meeting Management                        CSCvm15483
    Cisco TelePresence Conductor                    CSCvm15486
    Cisco TelePresence Integrator C Series          CSCvm15489
    Cisco TelePresence MX Series                    CSCvm15489
    Cisco TelePresence Profile Series               CSCvm15489
    Cisco TelePresence SX80 Codec                   CSCvm15489
    Cisco TelePresence Server on Virtual Machine    CSCvm15490
    Cisco TelePresence System EX Series             CSCvm15489
    Cisco TelePresence Video Communication Server   CSCvm15491
    (VCS)
    Cisco Video Surveillance 8000 Series IP Cameras CSCvm15494
    Cisco Webex Room Kit                            CSCvm15489
                                     Wireless
    Cisco Aironet 1560 Series Access Points         CSCvm15469
    Cisco Aironet 1815 Series Access Points         CSCvm15469
    Cisco Aironet 2800 Series Access Points         CSCvm15469
    Cisco Aironet 3800 Series Access Points         CSCvm15469
    Cisco Mobility Services Engine                  CSCvm15476
    Cisco Wireless LAN Controller                   CSCvm15482


    Products Confirmed Not Vulnerable

    Only products and services listed in the Vulnerable Products section of
    this advisory are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    products and services:

    Network and Content Security Devices
      + Cisco Adaptive Security Appliance (ASA) Software
      + Cisco Adaptive Security Virtual Appliance (ASAv)

    Routing and Switching - Enterprise and Service Provider
      + Cisco Nexus 1000V Series Switches

    Unified Computing
      + Cisco UCS Fabric Interconnects

    Voice and Unified Communications Devices
      + Cisco Unified IP 8831 Conference Phone for Third-Party Call Control

    Wireless
      + Cisco Aironet 1810 Series OfficeExtend Access Points
      + Cisco Aironet 1810w Series Access Points
      + Cisco Aironet 1830 Series Access Points
      + Cisco Aironet 1850 Series Access Points

Workarounds

  * Any workarounds will be documented in product-specific Cisco bugs, which
    are identified in the "Vulnerable Products" section of this advisory.

    In many cases, platform-dependent workarounds may be available.
    Administrators may be able to leverage access control lists (ACLs), Control
    Plane Policing (CoPP), or other rate limiting measures to control the flow
    of fragmented packets that reach an affected interface. Off-device
    mitigations, such as external firewalls or infrastructure ACLs on edge
    devices, may also effectively control the flow of IP fragments that are
    directed to management interfaces or control planes of downstream affected
    devices.
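
    The following is an added example of the CoPP-based workaround the
    paragraph above describes; it is not configuration from the Cisco advisory
    or from any product-specific bug. It assumes an IOS or IOS XE device that
    supports Control Plane Policing with MQC and extended ACLs; the ACL,
    class-map and policy-map names and the police rate are placeholders to be
    sized for the network in question.

```cisco
! Added example, not from the Cisco advisory. Rate-limit IP fragments that
! are punted to the control plane of an IOS / IOS XE device using CoPP.
! Assumed placeholders: FRAG-TO-CPU, CoPP-FRAGMENTS, CoPP-POLICY, and the
! police rate of 64 kbps with an 8000-byte burst.
!
! The "fragments" keyword matches non-initial fragments only (those with no
! Layer 4 header), which is the traffic an attacker must send in volume to
! keep reassembly queues occupied on the target.
ip access-list extended FRAG-TO-CPU
 permit ip any any fragments
!
class-map match-all CoPP-FRAGMENTS
 match access-group name FRAG-TO-CPU
!
policy-map CoPP-POLICY
 class CoPP-FRAGMENTS
  police 64000 8000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input CoPP-POLICY
!
! Verification commands:
! show policy-map control-plane input class CoPP-FRAGMENTS
! show access-lists FRAG-TO-CPU
```

    CoPP only governs traffic destined to the device itself, so transit
    fragments are unaffected; fragments aimed at hosts behind the device need
    an infrastructure ACL on the edge or an upstream firewall instead, as the
    advisory notes. Legitimate fragmented traffic to the device (large DNS
    responses, IKE, NFS over UDP) is policed by the same class, so a safer
    rollout is to deploy the policy with "exceed-action transmit", watch the
    conform/exceed counters in "show policy-map control-plane" for a while,
    and only then switch the exceed action to drop.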

Fixed Software

  * For information about fixed software releases, consult the Cisco bugs
    identified in the "Vulnerable Products" section of this advisory.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    TAC or their contracted maintenance providers.

Exploitation and Public Announcements

  * The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any malicious use of the vulnerability that is described in this advisory.

Source

  * This vulnerability was reported by Juha-Matti Tilli, of the Aalto
    University Department of Communications and Networking, and Nokia Bell
    Labs.

Cisco Security Vulnerability Policy

  * To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.


Related to This Advisory

  * Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability

URL

  * https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20180824-linux-ip-fragment

Revision History

  * 
    +-----------------------------------------------------------------------------+
    | Version |      Description      |   Section   | Status  |       Date        |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated the lists of  | Affected    |         |                   |
    | 1.4     | products under        | Products,   | Interim | 2018-September-04 |
    |         | investigation and     | Vulnerable  |         |                   |
    |         | vulnerable products.  | Products    |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated the lists of  |             |         |                   |
    |         | products under        | Affected    |         |                   |
    |         | investigation,        | Products,   |         |                   |
    |         | vulnerable products,  | Vulnerable  |         |                   |
    | 1.3     | and products          | Products,   | Interim | 2018-August-30    |
    |         | confirmed not         | Products    |         |                   |
    |         | vulnerable. Updated   | Confirmed   |         |                   |
    |         | information about     | Not         |         |                   |
    |         | fixed release         | Vulnerable  |         |                   |
    |         | availability.         |             |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated the lists of  |             |         |                   |
    |         | products under        | Affected    |         |                   |
    |         | investigation,        | Products,   |         |                   |
    |         | vulnerable products,  | Vulnerable  |         |                   |
    | 1.2     | and products          | Products,   | Interim | 2018-August-29    |
    |         | confirmed not         | Products    |         |                   |
    |         | vulnerable. Updated   | Confirmed   |         |                   |
    |         | information about     | Not         |         |                   |
    |         | fixed release         | Vulnerable  |         |                   |
    |         | availability.         |             |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated the lists of  | Affected    |         |                   |
    |         | products under        | Products,   |         |                   |
    |         | investigation,        | Vulnerable  |         |                   |
    | 1.1     | vulnerable products,  | Products,   | Interim | 2018-August-28    |
    |         | and products          | Products    |         |                   |
    |         | confirmed not         | Confirmed   |         |                   |
    |         | vulnerable.           | Not         |         |                   |
    |         |                       | Vulnerable  |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    | 1.0     | Initial public        | -           | Interim | 2018-August-24    |
    |         | release.              |             |         |                   |
    +-----------------------------------------------------------------------------+

Legal Disclaimer

  * THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND
    OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR
    FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT
    OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES
    THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO
    UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE.

    A standalone copy or paraphrase of the text of this document that omits the
    distribution URL is an uncontrolled copy and may lack important information
    or contain factual errors. The information in this document is intended for
    end users of Cisco products.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
