CVE-2009-2871

Severity

78%

Complexity

99%

Confidentiality

115%

Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002.

Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002.

CVSS 2.0 Base Score 7.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).

Overview

Type

Cisco IOS

First reported 15 years ago

2009-09-28 19:30:00

Last updated 15 years ago

2009-10-01 05:24:00

Affected Software

Cisco IOS 12.2XNA

12.2xna

Cisco IOS 12.2XNB

12.2xnb

Cisco IOS 12.2XNC

12.2xnc

Cisco IOS 12.2XND

12.2xnd

Cisco IOS 12.4 MD

12.4md

Cisco IOS 12.4MR

12.4mr

Cisco IOS 12.4SW

12.4sw

Cisco IOS 12.4T

12.4t

Cisco IOS 12.4XF

12.4xf

Cisco IOS 12.4XJ

12.4xj

Cisco IOS 12.4xk

12.4xk

Cisco IOS 12.4XQ

12.4xq

Cisco IOS 12.4XR

12.4xr

Cisco IOS 12.4XV

12.4xv

Cisco IOS 12.4XW

12.4xw

Cisco IOS 12.4XY

12.4xy

Cisco IOS 12.4XZ

12.4xz

References

http://tools.cisco.com/security/center/viewAlert.x?alertId=18892

Vendor Advisory

20090923 Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability

Vendor Advisory

1022930

ADV-2009-2759

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.