Cisco IOS Software IP Service Level Agreement Denial of Service Vulnerability

Customers who purchase directly from Cisco but do not have a Cisco service contract, and customers who purchase through third-party vendors but do not receive fixed software through their point of sale, should obtain upgrades by contacting the Cisco TAC: www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Is there any known malware that exploits this vulnerability?

The vulnerability lies in the IP Service Level Agreement (SLA) function, which could use a port that could be used by another feature. A remote attacker can send certain IP SLA control packets and cause the consumption of a port used by the IP SLA responder, resulting in a denial of service condition. Cisco has released software updates that fix this vulnerability. There is no workaround to address this security vulnerability. Only the products listed in the "Vulnerable Products" section of this advisory are known to be affected by this vulnerability. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-ipsla-dos

Customers must ensure that the devices to be updated contain enough memory and confirm that current hardware and software configurations continue to be properly supported by the new version. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Tenable calculates a dynamic VPR for each vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.

Yes. This vulnerability can be exploited by a remote and unauthenticated attacker on the Internet. A security vulnerability in the Cisco IOS XE IP Service Level Agreement (SLA) software could allow an unauthenticated remote attacker to reuse an existing port, resulting in a denial of service (DoS) condition. The vulnerability exists because the IP SLA responder could use a port that could be used by another feature. An attacker can take advantage of this vulnerability by sending certain IP SLA control packets to the IP SLA responder on an affected device. The control packets must contain the port number that could be used by another configured feature. A successful exploit could allow the attacker to use an appropriate port from the IP SLA responder, which affects the functionality that was using the port and leads to a DoS condition.

A flaw in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS software and Cisco IOS XE software could allow an unauthenticated remote attacker to create an interface and a possible denial-of-service (DoS) condition on the affected device.

The security vulnerability allows a remote attacker to carry out a denial of service (DoS) attack. For more information on Cisco's security disclosure policies and publications, see the Security Vulnerability Policy.