The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG, 3.2.xSG, and 3.3.xSG before 3.4.0SG; 3.2.xSE before 3.3.0SE; 3.2.xXO before 3.3.0XO; 3.2.xSQ; 3.3.xSQ; and 3.4.xSQ allows remote attackers to cause a denial of service (device hang or reload) via multiple requests that trigger improper memory management, aka Bug ID CSCts66733.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ios | Cisco | 12.2(33)xn1 (including) | 12.2(33)xn1 (including) |
| Ios | Cisco | 12.2(44)sq1 (including) | 12.2(44)sq1 (including) |
| Ios | Cisco | 12.4(23)jy (including) | 12.4(23)jy (including) |
| Ios | Cisco | 12.4(25e)jam1 (including) | 12.4(25e)jam1 (including) |
| Ios | Cisco | 12.4(25e)jao5m (including) | 12.4(25e)jao5m (including) |
| Ios | Cisco | 15.0(2)ed1 (including) | 15.0(2)ed1 (including) |
| Ios | Cisco | 15.0(2)ey3 (including) | 15.0(2)ey3 (including) |
| Ios | Cisco | 15.1(3)svf4a (including) | 15.1(3)svf4a (including) |
| Ios | Cisco | 15.2(2)jb1 (including) | 15.2(2)jb1 (including) |
| Ios_xe | Cisco | 2.5.0 (including) | 2.5.0 (including) |
| Ios_xe | Cisco | 2.5.1 (including) | 2.5.1 (including) |
| Ios_xe | Cisco | 2.5.2 (including) | 2.5.2 (including) |
| Ios_xe | Cisco | 2.6.0 (including) | 2.6.0 (including) |
| Ios_xe | Cisco | 2.6.1 (including) | 2.6.1 (including) |
| Ios_xe | Cisco | 2.6.2 (including) | 2.6.2 (including) |
| Ios_xe | Cisco | 3.1s.0 (including) | 3.1s.0 (including) |
| Ios_xe | Cisco | 3.1s.1 (including) | 3.1s.1 (including) |
| Ios_xe | Cisco | 3.1s.2 (including) | 3.1s.2 (including) |
| Ios_xe | Cisco | 3.1s.3 (including) | 3.1s.3 (including) |
| Ios_xe | Cisco | 3.1s.4 (including) | 3.1s.4 (including) |
| Ios_xe | Cisco | 3.1s.5 (including) | 3.1s.5 (including) |
| Ios_xe | Cisco | 3.1s.6 (including) | 3.1s.6 (including) |
| Ios_xe | Cisco | 3.1sg.0 (including) | 3.1sg.0 (including) |
| Ios_xe | Cisco | 3.1sg.1 (including) | 3.1sg.1 (including) |
| Ios_xe | Cisco | 3.2s.0 (including) | 3.2s.0 (including) |
| Ios_xe | Cisco | 3.2s.1 (including) | 3.2s.1 (including) |
| Ios_xe | Cisco | 3.2s.2 (including) | 3.2s.2 (including) |
| Ios_xe | Cisco | 3.2s.3 (including) | 3.2s.3 (including) |
| Ios_xe | Cisco | 3.2se.0 (including) | 3.2se.0 (including) |
| Ios_xe | Cisco | 3.2se.1 (including) | 3.2se.1 (including) |
| Ios_xe | Cisco | 3.2se.2 (including) | 3.2se.2 (including) |
| Ios_xe | Cisco | 3.2se.3 (including) | 3.2se.3 (including) |
| Ios_xe | Cisco | 3.2sg.0 (including) | 3.2sg.0 (including) |
| Ios_xe | Cisco | 3.2sg.1 (including) | 3.2sg.1 (including) |
| Ios_xe | Cisco | 3.2sg.2 (including) | 3.2sg.2 (including) |
| Ios_xe | Cisco | 3.2sg.3 (including) | 3.2sg.3 (including) |
| Ios_xe | Cisco | 3.2sg.4 (including) | 3.2sg.4 (including) |
| Ios_xe | Cisco | 3.2sg.5 (including) | 3.2sg.5 (including) |
| Ios_xe | Cisco | 3.2sg.6 (including) | 3.2sg.6 (including) |
| Ios_xe | Cisco | 3.2sg.7 (including) | 3.2sg.7 (including) |
| Ios_xe | Cisco | 3.2sg.8 (including) | 3.2sg.8 (including) |
| Ios_xe | Cisco | 3.2sg.9 (including) | 3.2sg.9 (including) |
| Ios_xe | Cisco | 3.2xo.0 (including) | 3.2xo.0 (including) |
| Ios_xe | Cisco | 3.2xo.1 (including) | 3.2xo.1 (including) |
| Ios_xe | Cisco | 3.3sg.0 (including) | 3.3sg.0 (including) |
| Ios_xe | Cisco | 3.3sg.1 (including) | 3.3sg.1 (including) |
| Ios_xe | Cisco | 3.3sg.2 (including) | 3.3sg.2 (including) |
| Ios_xe | Cisco | 3.3sq.0 (including) | 3.3sq.0 (including) |
| Ios_xe | Cisco | 3.3sq.1 (including) | 3.3sq.1 (including) |
| Ios_xe | Cisco | 3.4s.0 (including) | 3.4s.0 (including) |
| Ios_xe | Cisco | 3.4s.1 (including) | 3.4s.1 (including) |
| Ios_xe | Cisco | 3.4s.2 (including) | 3.4s.2 (including) |
| Ios_xe | Cisco | 3.4s.3 (including) | 3.4s.3 (including) |
| Ios_xe | Cisco | 3.4s.4 (including) | 3.4s.4 (including) |
| Ios_xe | Cisco | 3.4s.5 (including) | 3.4s.5 (including) |
| Ios_xe | Cisco | 3.4s.6 (including) | 3.4s.6 (including) |
| Ios_xe | Cisco | 3.4sq.0 (including) | 3.4sq.0 (including) |
| Ios_xe | Cisco | 3.4sq.1 (including) | 3.4sq.1 (including) |
| Ios_xe | Cisco | 3.5s.0 (including) | 3.5s.0 (including) |
| Ios_xe | Cisco | 3.5s.1 (including) | 3.5s.1 (including) |
| Ios_xe | Cisco | 3.5s.2 (including) | 3.5s.2 (including) |
| Ios_xe | Cisco | 3.5s_base (including) | 3.5s_base (including) |
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-tftp
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-tftp/cvrf/cisco-sa-20150722-tftp_cvrf.xml
- http://www.securitytracker.com/id/1033023
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-tftp
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-tftp/cvrf/cisco-sa-20150722-tftp_cvrf.xml
- http://www.securitytracker.com/id/1033023