Cisco Security Advisory: Cisco IOx Data in Motion Stack Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----=0D=0AHash: SHA1=0D=0A=0D=0ACis=
co Security Advisory: Cisco IOx Data in Motion Stack Overflow Vul=
nerability=0D=0A=0D=0AAdvisory ID: cisco-sa-20170322-iox=0D=0A=0D=0A=
Revision: 1.0=0D=0A=0D=0AFor Public Release: 2017 March 22 16:00 =
GMT=0D=0A=0D=0ALast Updated: 2017 March 22 16:00 GMT=0D=0A=0D=0AC=
VE ID(s): CVE-2017-3853=0D=0A=0D=0ACVSS Score v(3): 9.8 CVSS:3.0/=
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H=0D=0A=0D=0A+-----------------=
----------------------------------------------------=0D=0A=0D=0AS=
ummary=0D=0A=3D=3D=3D=3D=3D=3D=3D=0D=0AA vulnerability in the Dat=
a-in-Motion (DMo) process installed with the Cisco IOx applicatio=
n environment could allow an unauthenticated, remote attacker to =
cause a stack overflow that could allow remote code execution wit=
h root privileges in the virtual instance running on an affected =
device.=0D=0A=0D=0AThe vulnerability is due to insufficient bound=
s checking in the DMo process. An attacker could exploit this vul=
nerability by sending crafted packets that are forwarded to the D=
Mo process for evaluation. The impacts of a successful exploit ar=
e limited to the scope of the virtual instance and do not impact =
the router that is hosting Cisco IOx.=0D=0A=0D=0ACisco has releas=
ed software updates that address this vulnerability. There are no=
 workarounds that address this vulnerability.=0D=0A=0D=0AThis adv=
isory is available at the following link:=0D=0Ahttps://tools.cisc=
o.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2017=
0322-iox ["https://tools.cisco.com/security/center/content/CiscoS=
ecurityAdvisory/cisco-sa-20170322-iox"]=0D=0A=0D=0A-----BEGIN PGP=
 SIGNATURE-----=0D=0A=0D=0AiQKBBAEBAgBrBQJY0qMqZBxDaXNjbyBTeXN0ZW=
1zIFByb2R1Y3QgU2VjdXJpdHkg=0D=0ASW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ=
2lzY28gUFNJUlQga2V5IDIwMTYtMjAx=0D=0ANykgPHBzaXJ0QGNpc2NvLmNvbT4A=
CgkQrz2APcQAkHnAgQ/9E53gx3RzJorkoUhK=0D=0AncGbIGWeBmDJJqyU7lgAvZD=
CbJKZTTYaLcz8IhiGH/DEonfEoPlRf5YIoHdEDbTV=0D=0A8eE8sBnNXqVjSJatVv=
dLZWilZthTrgT8aQgX+t6PWOrbbERXf8XYUYX7wz2/IkEq=0D=0Aj2x4IR9ZpgJVV=
azFJFuC2D/Sz6j9LB65xEbUe6d3K6ZLbCAYrm9AHA6+nTrQqPTL=0D=0AenfW/RhD=
1ciu6m5y0sOg0VE68C8pDJV/a8BPtVk3Rz22oesWVkpZPRSJXzk1M6H7=0D=0A35a=
8EHozoqZen3Ojb27bgVlIG+scyyJDZzgmpz7+l1A6h5Uq1UL/sss2foiz0Te3=0D=0A=
UOM79CSBSzR6woF+3qFBDwumNGhjHdlrfg8t+XDzhSh3+BQ5zNUijZB4+X7f/R+8=0D=0A=
SdYAtHiSGXDg9RR9GTeRKCyjl7RqwJ9IMMmR1qyJSkI41UL20CPdt9mK0ajlzzhD=0D=0A=
qMh0iMZtlvjoxjhix5lXpXXpIDb2iwCQcHma76Cq32MkKL8HOXfJq7rpZPH8p6tH=0D=0A=
An9VjssLWjiMWnO1nhtP+i+zYEmp9U/jK2VVw1t4Fzv8HfdscWr3RLrSxyJOjQO9=0D=0A=
SvN++XAo0ERp8TcMeV8skCqeV+JgzUAZ3JlKODR/R//lJPQLfuqfJoTPOxabROuy=0D=0A=
Uxj5oDgf6UpOaZOli8Av//fSiE8=3D=0D=0A=3DLr/s=0D=0A-----END PGP SIG=
NATURE-----=0D=0A