Cisco this week released a set of security patches to address several vulnerabilities in its products, including High risk issues impacting StarOS and 6800, 7800, and 8800 Series IP Phones.
The first High severity bug (CVE-2018-0369) impacts the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms. By abusing this security flaw, an unauthenticated remote attacker could trigger a reload of the npusim process, thus causing denial of service (DoS).
An attacker could trigger the simultaneous reload of all four instances of the npusim process that are running per Service Function (SF) instance.
