The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability bulletin CVE-2016-6384

Cisco IOS, IOS XE: denial of service via H.323

Synthesis of the vulnerability

An attacker can send a malicious H.323 packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Impacted systems: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity of this alert: 3/4.
Consequences of an intrusion: denial of service on server, denial of service on service.
Pirate's origin: internet client.
Creation date: 29/09/2016.
Références of this alert: CERTFR-2016-AVI-322, cisco-sa-20160928-h323, CSCux04257, CVE-2016-6384, VIGILANCE-VUL-20723.

Description of the vulnerability

The Cisco IOS or IOS XE product has a service to manage received H.323 packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious H.323 packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a system vulnerability announce. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.