
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2012-0024

Title: Cisco Cius Denial of Service Vulnerability[1]

Version history:
01.03.2012 Initial publication

Summary
=======
Cisco Cius Software contains a denial of service vulnerability that could cause the device to stop responding (DoS).

CVSS Base Score
CVSS v2 Base Score: 7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) [3])

(CVE-2012-0359)

Affected Versions
=================

The following products are affected by the vulnerability detailed in this advisory:

* Cius Wi-Fi devices running Cius Software Version 9.2(1) SR1 and earlier

Original Details
================

Cius software contains a vulnerability when handling malformed
traffic. A remote, unauthenticated attacker could exploit this
vulnerability to create a denial of service (DoS) condition on the
affected device.

An attacker could exploit this vulnerability by sending malicious
traffic to an affected device. Exploitation could allow the attacker
to cause the Cius to stop responding, requiring a reboot.

More details provided in the CISCO advisory [1].

What can you do?
================
Deploy the updated versions of the software [2].

Workarounds:

There are no workarounds for the vulnerability disclosed in this
advisory.

What to tell your users?
========================
N/A

More information
================
[1] CISCO http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cius
[2] CISCO Software Download http://www.cisco.com/cisco/software/find.html?q=nx-os
[3] Information about CVSS: http://www.first.org/cvss/cvss-guide.html

Best regards,
CERT-EU
CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source . Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.)
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.39

iQJWBAEBAgBBBQJPTzvuOhxDRVJUIGZvciB0aGUgRXVyb3BlYW4gSW5zdGl0dXRp
b25zIDxjZXJ0LWV1QGVjLmV1cm9wYS5ldT4ACgkQJ6QGykasQ4PYzw/41ndu0hG4
8TOsOQawxQcLQYiUZA8xr1RAgc2hBc+WEkEWPjxsq61YHQ5l0RWaDjMNdkwMtZ4k
5tGDXGvFjoMsw+rqW2igRjsAqQkLXe32M9Jph4Ew8on86DU60K1Kldk929aQNLf+
rZLqHacdWHqH2DQv9dQFTjdr0vCSSWA+HIBKf2eLwqobXYyN3i+9IQ5mPQUqJPDN
k5IVJexy6MJLrQyvqAcsIqJ4bcZXr+l5tUg0gcAbLoZboJ11zsuva+757B4yX3uU
/FljqhbObAXMeUY0jQu9lD/V4GSeM2sY4YNHTE/k1PIaJxN6DnYE5ztfRUVgwTrf
yKIkNlPyo3GVL/0z0t84UGLs4Za63L9iKvALEQVzVAioBowPXl9Ij+RA4ivt/c2r
nTzL3/+K7R2A44YKoeFkwqf8WJtbFrb43JeX2VDJ1NXfDV9sCdKGgKspVmZnY/P+
9/Azo+Gqf2OF4BimfB89hTYz7y86Dpnhv9FVEoDTaKScQfAea0pmFPLZrmp2FsXY
KHXAID7TYAhEptl2vki1Nt14qIJrEsu8ZRqSRnf9WykJYL7S8C1e1Op2wnYburX9
wkoS72sLl9vdWuY8PJbDgJ8Y0EJ4QkaMR+Qn5j7JLwi7AWoB7m8XX1k1bS4qhjwD
H6HiWbrqjnPutnWZWU3Rq8B0/scl8ch03Q==
=FUiV
-----END PGP SIGNATURE-----