A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device.
The product does not properly control the allocation and maintenance of a limited resource.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ios_xe | Cisco | 3.2.0se (including) | 3.2.0se (including) |
| Ios_xe | Cisco | 3.2.1se (including) | 3.2.1se (including) |
| Ios_xe | Cisco | 3.2.2se (including) | 3.2.2se (including) |
| Ios_xe | Cisco | 3.2.3se (including) | 3.2.3se (including) |
| Ios_xe | Cisco | 3.3.0se (including) | 3.3.0se (including) |
| Ios_xe | Cisco | 3.3.0xo (including) | 3.3.0xo (including) |
| Ios_xe | Cisco | 3.3.1se (including) | 3.3.1se (including) |
| Ios_xe | Cisco | 3.3.1xo (including) | 3.3.1xo (including) |
| Ios_xe | Cisco | 3.3.2se (including) | 3.3.2se (including) |
| Ios_xe | Cisco | 3.3.2xo (including) | 3.3.2xo (including) |
| Ios_xe | Cisco | 3.3.3se (including) | 3.3.3se (including) |
| Ios_xe | Cisco | 3.3.4se (including) | 3.3.4se (including) |
| Ios_xe | Cisco | 3.3.5se (including) | 3.3.5se (including) |
| Ios_xe | Cisco | 3.4.0sg (including) | 3.4.0sg (including) |
| Ios_xe | Cisco | 3.4.1sg (including) | 3.4.1sg (including) |
| Ios_xe | Cisco | 3.4.2sg (including) | 3.4.2sg (including) |
| Ios_xe | Cisco | 3.4.3sg (including) | 3.4.3sg (including) |
| Ios_xe | Cisco | 3.4.4sg (including) | 3.4.4sg (including) |
| Ios_xe | Cisco | 3.4.5sg (including) | 3.4.5sg (including) |
| Ios_xe | Cisco | 3.4.6sg (including) | 3.4.6sg (including) |
| Ios_xe | Cisco | 3.4.7sg (including) | 3.4.7sg (including) |
| Ios_xe | Cisco | 3.4.8sg (including) | 3.4.8sg (including) |
| Ios_xe | Cisco | 3.5.0e (including) | 3.5.0e (including) |
| Ios_xe | Cisco | 3.5.1e (including) | 3.5.1e (including) |
| Ios_xe | Cisco | 3.5.2e (including) | 3.5.2e (including) |
| Ios_xe | Cisco | 3.5.3e (including) | 3.5.3e (including) |
| Ios_xe | Cisco | 3.6.0ae (including) | 3.6.0ae (including) |
| Ios_xe | Cisco | 3.6.0be (including) | 3.6.0be (including) |
| Ios_xe | Cisco | 3.6.0e (including) | 3.6.0e (including) |
| Ios_xe | Cisco | 3.6.1e (including) | 3.6.1e (including) |
| Ios_xe | Cisco | 3.6.2ae (including) | 3.6.2ae (including) |
| Ios_xe | Cisco | 3.6.2e (including) | 3.6.2e (including) |
| Ios_xe | Cisco | 3.6.3e (including) | 3.6.3e (including) |
| Ios_xe | Cisco | 3.6.4e (including) | 3.6.4e (including) |
| Ios_xe | Cisco | 3.6.5ae (including) | 3.6.5ae (including) |
| Ios_xe | Cisco | 3.6.5be (including) | 3.6.5be (including) |
| Ios_xe | Cisco | 3.6.5e (including) | 3.6.5e (including) |
| Ios_xe | Cisco | 3.6.6e (including) | 3.6.6e (including) |
| Ios_xe | Cisco | 3.6.7ae (including) | 3.6.7ae (including) |
| Ios_xe | Cisco | 3.6.7be (including) | 3.6.7be (including) |
| Ios_xe | Cisco | 3.6.7e (including) | 3.6.7e (including) |
| Ios_xe | Cisco | 3.7.0bs (including) | 3.7.0bs (including) |
| Ios_xe | Cisco | 3.7.0e (including) | 3.7.0e (including) |
| Ios_xe | Cisco | 3.7.0s (including) | 3.7.0s (including) |
| Ios_xe | Cisco | 3.7.1as (including) | 3.7.1as (including) |
| Ios_xe | Cisco | 3.7.1e (including) | 3.7.1e (including) |
| Ios_xe | Cisco | 3.7.1s (including) | 3.7.1s (including) |
| Ios_xe | Cisco | 3.7.2e (including) | 3.7.2e (including) |
| Ios_xe | Cisco | 3.7.2s (including) | 3.7.2s (including) |
| Ios_xe | Cisco | 3.7.2ts (including) | 3.7.2ts (including) |
| Ios_xe | Cisco | 3.7.3e (including) | 3.7.3e (including) |
| Ios_xe | Cisco | 3.7.3s (including) | 3.7.3s (including) |
| Ios_xe | Cisco | 3.7.4as (including) | 3.7.4as (including) |
| Ios_xe | Cisco | 3.7.4e (including) | 3.7.4e (including) |
| Ios_xe | Cisco | 3.7.4s (including) | 3.7.4s (including) |
| Ios_xe | Cisco | 3.7.5e (including) | 3.7.5e (including) |
| Ios_xe | Cisco | 3.7.5s (including) | 3.7.5s (including) |
| Ios_xe | Cisco | 3.7.6s (including) | 3.7.6s (including) |
| Ios_xe | Cisco | 3.7.7s (including) | 3.7.7s (including) |
| Ios_xe | Cisco | 3.7.8s (including) | 3.7.8s (including) |
| Ios_xe | Cisco | 3.8.0e (including) | 3.8.0e (including) |
| Ios_xe | Cisco | 3.8.0s (including) | 3.8.0s (including) |
| Ios_xe | Cisco | 3.8.1e (including) | 3.8.1e (including) |
| Ios_xe | Cisco | 3.8.1s (including) | 3.8.1s (including) |
| Ios_xe | Cisco | 3.8.2e (including) | 3.8.2e (including) |
| Ios_xe | Cisco | 3.8.2s (including) | 3.8.2s (including) |
| Ios_xe | Cisco | 3.8.3e (including) | 3.8.3e (including) |
| Ios_xe | Cisco | 3.8.4e (including) | 3.8.4e (including) |
| Ios_xe | Cisco | 3.8.5ae (including) | 3.8.5ae (including) |
| Ios_xe | Cisco | 3.8.5e (including) | 3.8.5e (including) |
| Ios_xe | Cisco | 3.9.0as (including) | 3.9.0as (including) |
| Ios_xe | Cisco | 3.9.0e (including) | 3.9.0e (including) |
| Ios_xe | Cisco | 3.9.0s (including) | 3.9.0s (including) |
| Ios_xe | Cisco | 3.9.1as (including) | 3.9.1as (including) |
| Ios_xe | Cisco | 3.9.1e (including) | 3.9.1e (including) |
| Ios_xe | Cisco | 3.9.1s (including) | 3.9.1s (including) |
| Ios_xe | Cisco | 3.9.2be (including) | 3.9.2be (including) |
| Ios_xe | Cisco | 3.9.2e (including) | 3.9.2e (including) |
| Ios_xe | Cisco | 3.9.2s (including) | 3.9.2s (including) |
| Ios_xe | Cisco | 3.10.0ce (including) | 3.10.0ce (including) |
| Ios_xe | Cisco | 3.10.0e (including) | 3.10.0e (including) |
| Ios_xe | Cisco | 3.10.0s (including) | 3.10.0s (including) |
| Ios_xe | Cisco | 3.10.1s (including) | 3.10.1s (including) |
| Ios_xe | Cisco | 3.10.2as (including) | 3.10.2as (including) |
| Ios_xe | Cisco | 3.10.2s (including) | 3.10.2s (including) |
| Ios_xe | Cisco | 3.10.2ts (including) | 3.10.2ts (including) |
| Ios_xe | Cisco | 3.10.3s (including) | 3.10.3s (including) |
| Ios_xe | Cisco | 3.10.4s (including) | 3.10.4s (including) |
| Ios_xe | Cisco | 3.10.5s (including) | 3.10.5s (including) |
| Ios_xe | Cisco | 3.10.6s (including) | 3.10.6s (including) |
| Ios_xe | Cisco | 3.10.7s (including) | 3.10.7s (including) |
| Ios_xe | Cisco | 3.10.8as (including) | 3.10.8as (including) |
| Ios_xe | Cisco | 3.10.8s (including) | 3.10.8s (including) |
| Ios_xe | Cisco | 3.10.9s (including) | 3.10.9s (including) |
| Ios_xe | Cisco | 3.10.10s (including) | 3.10.10s (including) |
| Ios_xe | Cisco | 3.11.0s (including) | 3.11.0s (including) |
| Ios_xe | Cisco | 3.11.1s (including) | 3.11.1s (including) |
| Ios_xe | Cisco | 3.11.2s (including) | 3.11.2s (including) |
| Ios_xe | Cisco | 3.11.3s (including) | 3.11.3s (including) |
| Ios_xe | Cisco | 3.11.4s (including) | 3.11.4s (including) |
| Ios_xe | Cisco | 3.12.0as (including) | 3.12.0as (including) |
| Ios_xe | Cisco | 3.12.0s (including) | 3.12.0s (including) |
| Ios_xe | Cisco | 3.12.1s (including) | 3.12.1s (including) |
| Ios_xe | Cisco | 3.12.2s (including) | 3.12.2s (including) |
| Ios_xe | Cisco | 3.12.3s (including) | 3.12.3s (including) |
| Ios_xe | Cisco | 3.12.4s (including) | 3.12.4s (including) |
| Ios_xe | Cisco | 3.13.0as (including) | 3.13.0as (including) |
| Ios_xe | Cisco | 3.13.0s (including) | 3.13.0s (including) |
| Ios_xe | Cisco | 3.13.1s (including) | 3.13.1s (including) |
| Ios_xe | Cisco | 3.13.2as (including) | 3.13.2as (including) |
| Ios_xe | Cisco | 3.13.2s (including) | 3.13.2s (including) |
| Ios_xe | Cisco | 3.13.3s (including) | 3.13.3s (including) |
| Ios_xe | Cisco | 3.13.4s (including) | 3.13.4s (including) |
| Ios_xe | Cisco | 3.13.5as (including) | 3.13.5as (including) |
| Ios_xe | Cisco | 3.13.5s (including) | 3.13.5s (including) |
| Ios_xe | Cisco | 3.13.6as (including) | 3.13.6as (including) |
| Ios_xe | Cisco | 3.13.6bs (including) | 3.13.6bs (including) |
| Ios_xe | Cisco | 3.13.6s (including) | 3.13.6s (including) |
| Ios_xe | Cisco | 3.13.7as (including) | 3.13.7as (including) |
| Ios_xe | Cisco | 3.13.7s (including) | 3.13.7s (including) |
| Ios_xe | Cisco | 3.13.8s (including) | 3.13.8s (including) |
| Ios_xe | Cisco | 3.14.0s (including) | 3.14.0s (including) |
| Ios_xe | Cisco | 3.14.1s (including) | 3.14.1s (including) |
| Ios_xe | Cisco | 3.14.2s (including) | 3.14.2s (including) |
| Ios_xe | Cisco | 3.14.3s (including) | 3.14.3s (including) |
| Ios_xe | Cisco | 3.14.4s (including) | 3.14.4s (including) |
| Ios_xe | Cisco | 3.15.0s (including) | 3.15.0s (including) |
| Ios_xe | Cisco | 3.15.1cs (including) | 3.15.1cs (including) |
| Ios_xe | Cisco | 3.15.1s (including) | 3.15.1s (including) |
| Ios_xe | Cisco | 3.15.2s (including) | 3.15.2s (including) |
| Ios_xe | Cisco | 3.15.3s (including) | 3.15.3s (including) |
| Ios_xe | Cisco | 3.15.4s (including) | 3.15.4s (including) |
| Ios_xe | Cisco | 3.16.0as (including) | 3.16.0as (including) |
| Ios_xe | Cisco | 3.16.0bs (including) | 3.16.0bs (including) |
| Ios_xe | Cisco | 3.16.0cs (including) | 3.16.0cs (including) |
| Ios_xe | Cisco | 3.16.0s (including) | 3.16.0s (including) |
| Ios_xe | Cisco | 3.16.1as (including) | 3.16.1as (including) |
| Ios_xe | Cisco | 3.16.1s (including) | 3.16.1s (including) |
| Ios_xe | Cisco | 3.16.2as (including) | 3.16.2as (including) |
| Ios_xe | Cisco | 3.16.2bs (including) | 3.16.2bs (including) |
| Ios_xe | Cisco | 3.16.2s (including) | 3.16.2s (including) |
| Ios_xe | Cisco | 3.16.3as (including) | 3.16.3as (including) |
| Ios_xe | Cisco | 3.16.3s (including) | 3.16.3s (including) |
| Ios_xe | Cisco | 3.16.4as (including) | 3.16.4as (including) |
| Ios_xe | Cisco | 3.16.4bs (including) | 3.16.4bs (including) |
| Ios_xe | Cisco | 3.16.4cs (including) | 3.16.4cs (including) |
| Ios_xe | Cisco | 3.16.4ds (including) | 3.16.4ds (including) |
| Ios_xe | Cisco | 3.16.4es (including) | 3.16.4es (including) |
| Ios_xe | Cisco | 3.16.4gs (including) | 3.16.4gs (including) |
| Ios_xe | Cisco | 3.16.4s (including) | 3.16.4s (including) |
| Ios_xe | Cisco | 3.16.5as (including) | 3.16.5as (including) |
| Ios_xe | Cisco | 3.16.5bs (including) | 3.16.5bs (including) |
| Ios_xe | Cisco | 3.16.5s (including) | 3.16.5s (including) |
| Ios_xe | Cisco | 3.16.6bs (including) | 3.16.6bs (including) |
| Ios_xe | Cisco | 3.16.6s (including) | 3.16.6s (including) |
| Ios_xe | Cisco | 3.17.0s (including) | 3.17.0s (including) |
| Ios_xe | Cisco | 3.17.1as (including) | 3.17.1as (including) |
| Ios_xe | Cisco | 3.17.1s (including) | 3.17.1s (including) |
| Ios_xe | Cisco | 3.17.2s (including) | 3.17.2s (including) |
| Ios_xe | Cisco | 3.17.3s (including) | 3.17.3s (including) |
| Ios_xe | Cisco | 3.17.4s (including) | 3.17.4s (including) |
| Ios_xe | Cisco | 3.18.0as (including) | 3.18.0as (including) |
| Ios_xe | Cisco | 3.18.0s (including) | 3.18.0s (including) |
| Ios_xe | Cisco | 3.18.0sp (including) | 3.18.0sp (including) |
| Ios_xe | Cisco | 3.18.1asp (including) | 3.18.1asp (including) |
| Ios_xe | Cisco | 3.18.1bsp (including) | 3.18.1bsp (including) |
| Ios_xe | Cisco | 3.18.1csp (including) | 3.18.1csp (including) |
| Ios_xe | Cisco | 3.18.1gsp (including) | 3.18.1gsp (including) |
| Ios_xe | Cisco | 3.18.1hsp (including) | 3.18.1hsp (including) |
| Ios_xe | Cisco | 3.18.1isp (including) | 3.18.1isp (including) |
| Ios_xe | Cisco | 3.18.1s (including) | 3.18.1s (including) |
| Ios_xe | Cisco | 3.18.1sp (including) | 3.18.1sp (including) |
| Ios_xe | Cisco | 3.18.2asp (including) | 3.18.2asp (including) |
| Ios_xe | Cisco | 3.18.2s (including) | 3.18.2s (including) |
| Ios_xe | Cisco | 3.18.2sp (including) | 3.18.2sp (including) |
| Ios_xe | Cisco | 3.18.3s (including) | 3.18.3s (including) |
| Ios_xe | Cisco | 3.18.4s (including) | 3.18.4s (including) |
| Ios_xe | Cisco | 16.1.1 (including) | 16.1.1 (including) |
| Ios_xe | Cisco | 16.1.2 (including) | 16.1.2 (including) |
| Ios_xe | Cisco | 16.1.3 (including) | 16.1.3 (including) |
| Ios_xe | Cisco | 16.2.1 (including) | 16.2.1 (including) |
| Ios_xe | Cisco | 16.2.2 (including) | 16.2.2 (including) |
| Ios_xe | Cisco | 16.3.1 (including) | 16.3.1 (including) |
| Ios_xe | Cisco | 16.3.1a (including) | 16.3.1a (including) |
| Ios_xe | Cisco | 16.3.2 (including) | 16.3.2 (including) |
| Ios_xe | Cisco | 16.3.3 (including) | 16.3.3 (including) |
| Ios_xe | Cisco | 16.3.4 (including) | 16.3.4 (including) |
| Ios_xe | Cisco | 16.4.1 (including) | 16.4.1 (including) |
| Ios_xe | Cisco | 16.4.2 (including) | 16.4.2 (including) |
| Ios_xe | Cisco | 16.5.1 (including) | 16.5.1 (including) |
| Ios_xe | Cisco | 16.5.1a (including) | 16.5.1a (including) |
| Ios_xe | Cisco | 16.5.1b (including) | 16.5.1b (including) |
| Ios_xe | Cisco | 16.5.2 (including) | 16.5.2 (including) |
| Ios_xe | Cisco | 16.5.3 (including) | 16.5.3 (including) |
| Ios_xe | Cisco | 16.6.1 (including) | 16.6.1 (including) |
Mitigation of resource exhaustion attacks requires that the target system either:
The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
The second solution is simply difficult to effectively institute – and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.