CVE-2009-2868

Severity

78%

Complexity

99%

Confidentiality

115%

Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and CSCee72997.

Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and CSCee72997.

CVSS 2.0 Base Score 7.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).

Overview

Type

Cisco IOS

First reported 15 years ago

2009-09-28 19:30:00

Last updated 15 years ago

2009-10-01 05:24:00

Affected Software

Cisco IOS 12.2EX

12.2ex

Cisco IOS 12.2IRA

12.2ira

Cisco IOS 12.2IRB

12.2irb

Cisco IOS 12.2IRC

12.2irc

Cisco IOS 12.2SB

12.2sb

Cisco IOS 12.2SCA

12.2sca

Cisco IOS 12.2SCB

12.2scb

Cisco IOS 12.2SE

12.2se

Cisco IOS 12.2SRA

12.2sra

Cisco IOS 12.2SRB

12.2srb

Cisco IOS 12.2SRC

12.2src

Cisco IOS 12.2SRD

12.2srd

Cisco IOS 12.2SXH

12.2sxh

Cisco IOS 12.2SXI

12.2sxi

Cisco IOS 12.2XNA

12.2xna

Cisco IOS 12.2XNB

12.2xnb

Cisco IOS 12.2XNC

12.2xnc

Cisco IOS 12.2XND

12.2xnd

Cisco IOS 12.3T

12.3t

Cisco IOS 12.3XL

12.3xl

Cisco IOS 12.3XR

12.3xr

Cisco IOS 12.3XS

12.3xs

Cisco IOS 12.3XX

12.3xx

Cisco IOS 12.3YA

12.3ya

Cisco IOS 12.3YD

12.3yd

Cisco IOS 12.3YF

12.3yf

Cisco IOS 12.3YG

12.3yg

Cisco IOS 12.3YH

12.3yh

Cisco IOS 12.3YI

12.3yi

Cisco IOS 12.3YQ

12.3yq

Cisco IOS 12.3YS

12.3ys

Cisco IOS 12.3YT

12.3yt

Cisco IOS 12.3YU

12.3yu

Cisco IOS 12.3YX

12.3yx

Cisco IOS 12.3YZ

12.3yz

Cisco IOS 12.4

12.4

Cisco IOS 12.4T

12.4t

Cisco IOS 12.4XB

12.4xb

Cisco IOS 12.4XC

12.4xc

Cisco IOS 12.4XD

12.4xd

References

http://tools.cisco.com/security/center/viewAlert.x?alertId=18887

Vendor Advisory

20090923 Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability

Vendor Advisory

ADV-2009-2759

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.