CVE-2009-0635

Severity

71%

Complexity

86%

Confidentiality

115%

Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml Obtaining Fixed Software Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html , or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml .

Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.

Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml Obtaining Fixed Software Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html , or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml .

CVSS 2.0 Base Score 7.1. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C).

Overview

Type

Cisco IOS

First reported 16 years ago

2009-03-27 16:30:00

Last updated 7 years ago

2017-08-17 01:29:00

Affected Software

Cisco IOS 12.4T

12.4t

Cisco IOS 12.4XZ

12.4xz

Cisco IOS 12.4YA

12.4ya

References

34438

Vendor Advisory

20090325 Cisco IOS cTCP Denial of Service Vulnerability

Patch, Vendor Advisory

http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml

Patch, Vendor Advisory

34246

1021895

ADV-2009-0851

Vendor Advisory

ios-ctcp-dos(49417)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.