The day after Cisco warned about a flaw in its Smart Install clients the company issued an advisory concerning a vulnerability in its Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA).
An incomplete validation of SCTP packets being monitored by the NGA ports causes the vulnerability, Cisco reported, allowing an attacker to send malformed SCTP packets that if properly exploited could cause the appliance to become unresponsive creating a Denial of Service condition.
Cisco's NGA 3140, 3240 and 3340 NetFlow Generation Appliances are the only company products found vulnerable to this issue. Patches have been issued that corrects the problem and there are no other type of workarounds available, the company said.