
====================================================================

                                  CERT-Renater

                      Information Note No. 2016/VULN338
_____________________________________________________________________

DATE                : 28/09/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco IOS Software.

=====================================================================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip
____________________________________________________________________

Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol
Request Denial of Service Vulnerability

Advisory ID:  cisco-sa-20160928-cip

Revision: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======

A vulnerability in the Common Industrial Protocol (CIP) feature of
Cisco IOS Software could allow an unauthenticated, remote attacker to
create a denial of service (DoS) condition.

The vulnerability is due to a failure to properly process an unusual,
but valid, set of requests to an affected device. An attacker could
exploit this vulnerability by sending an affected device a CIP message
request designed to trigger the vulnerability. An exploit could cause
the switch to stop processing traffic, requiring a restart of the
device to regain functionality.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip

This advisory is part of the September 28, 2016, release of the Cisco
IOS and IOS XE Software Security Advisory Bundled Publication, which
includes 10 Cisco Security Advisories that describe 11 vulnerabilities.
All the vulnerabilities have a Security Impact Rating of High. For a
complete list of the advisories and links to them, see Cisco Event
Response: September 2016 Semiannual Cisco IOS and IOS XE Software
Security Advisory Bundled Publication.

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================




