Additionally, device users must have the “Discovery Protocol” feature enabled. If an attacker is able to exploit this vulnerability, no action is required by the device user to reset the device to factory defaults. As with any software vulnerability, users are encouraged to apply the appropriate Cisco product release. Cisco has released software updates that address this vulnerability. Users can also manually reset their devices. After applying the appropriate Cisco product release, users should follow the instructions provided in the Internet Engineering Task Force (IETF) draft “Discovery Protocol Reduction for Security” to reduce the risk of machine-to-machine (M2M) messages being exploited for DoS attacks. To reduce the risk of exploitation of this vulnerability, users should ensure that Discovery Protocol is enabled on the device. Further information regarding Discovery Protocol may be found in the Cisco documentation website. All users are advised to consult with their network or system administrator or to consider implementing the suggested IETF draft “Discovery Protocol Reduction for Security”.
Vulnerability Overview
The vulnerability was identified by Cisco.
This vulnerability allows a malicious device to crash a targeted device or cause other performance degradation and might cause denial of service (DoS) conditions.
The vulnerability was discovered in Research In Motion's (RIM) BlackBerry Enterprise Server (BES).
Software Version and Complementary Information
The following software versions have been released to address this vulnerability:
Cisco IOS Software, Versions 15.1(3)M9a and Later
Cisco IOS XE Software, Version 3.8S and Later
Vulnerable Devices and Cisco Products
Cisco products are not vulnerable to this vulnerability.
Timeline
Published on: 08/25/2022 19:15:00 UTC
Last modified on: 09/23/2022 15:15:00 UTC