Cisco released updated software to mitigate a vulnerability in the Stream Control Transmission Protocol (SCTP) decoder for its NetFlow Generation Appliances (NGA).
The flaw (CVE-2017-3826) manifests due to incomplete validation of SCTP packets and could cause the device to hang or reload unexpectedly, creating a denial of service (DoS) condition. Cisco released software updates to address this flaw.
The vulnerability is due to incomplete validation of SCTP packets monitored on the NGA data ports. An attacker could exploit this vulnerability by sending malformed SCTP packets on a network monitored by an NGA data port. SCTP packets addressed to the IP address of the NGA itself will not trigger this vulnerability.
An exploit could allow an attacker to cause the appliance to become unresponsive or reload, causing a DoS condition. User interaction could end up needed to recover the device using the reboot command from the CLI.
Cisco did release software updates that address this vulnerability. There are, however, no workarounds that address the vulnerability.
Cisco issued an advisory on the issue.
The following Cisco NetFlow Generation Appliances are vulnerable:
• NGA 3140
• NGA 3240
• NGA 3340
Cisco NetFlow Generation Appliance Software can end up downloaded from the Software Center on Cisco.com by navigating to Products > Cloud and Systems Management > Routing and Switching Management > NetFlow Generation 3000 Series Appliances.
There will be no fixed release for the NGA 3140 because that platform reached the end-of-software maintenance milestone January 11, 2014.
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability.