Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability

BID:10186

Info

Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability

Bugtraq ID: 10186
Class: Design Error
CVE: CVE-2004-0714
Remote: Yes
Local: No
Published: Apr 20 2004 12:00AM
Updated: Mar 19 2015 08:23AM
Credit: This issue was disclosed in the referenced vendor advisory.
Vulnerable: Cisco ONS 15454E Optical Transport Platform 0
Cisco ONS 15454 Optical Transport Platform 4.1 (3)
Cisco ONS 15454 Optical Transport Platform 4.1 (2)
Cisco ONS 15454 Optical Transport Platform 4.1 (1)
Cisco ONS 15454 Optical Transport Platform 4.1 (0)
Cisco ONS 15454 Optical Transport Platform 4.1
Cisco ONS 15454 Optical Transport Platform 4.0 (2)
Cisco ONS 15454 Optical Transport Platform 4.0 (1)
Cisco ONS 15454 Optical Transport Platform 4.0
Cisco ONS 15454 Optical Transport Platform 3.4
Cisco ONS 15454 Optical Transport Platform 3.3
Cisco ONS 15454 Optical Transport Platform 3.2 .0
Cisco ONS 15454 Optical Transport Platform 3.1 .0
Cisco ONS 15454 Optical Transport Platform 3.0
Cisco IOS 12.3XQ
Cisco IOS 12.3XK
Cisco IOS 12.3XH
Cisco IOS 12.3XG
Cisco IOS 12.3XF
Cisco IOS 12.3XE
Cisco IOS 12.3XD
Cisco IOS 12.3XC
Cisco IOS 12.3T
Cisco IOS 12.3B
Cisco IOS 12.3(6)
Cisco IOS 12.3(5b)
Cisco IOS 12.3(5a)b
Cisco IOS 12.3(5a)
Cisco IOS 12.3(5)
Cisco IOS 12.3(4)XD1
Cisco IOS 12.3(4)XD
Cisco IOS 12.3(4)T3
Cisco IOS 12.3(4)T2
Cisco IOS 12.3(4)T1
Cisco IOS 12.3(4)T
Cisco IOS 12.3(2)XC2
Cisco IOS 12.3(2)XC1
Cisco IOS 12.3(2)T3
Cisco IOS 12.3
Cisco IOS 12.2ZQ
Cisco IOS 12.2SW
Cisco IOS 12.2S
Cisco IOS 12.2(23)
Cisco IOS 12.2(21a)
Cisco IOS 12.2(21)
Cisco IOS 12.2(20)S1
Cisco IOS 12.2(20)S
Cisco IOS 12.2(12h)
Cisco IOS 12.2(12g)
Cisco IOS 12.2
Cisco IOS 12.1EW
Cisco IOS 12.1EU
Cisco IOS 12.1EO
Cisco IOS 12.1EC
Cisco IOS 12.1EB
Cisco IOS 12.1EA
Cisco IOS 12.1E
Cisco IOS 12.1(20)EW1
Cisco IOS 12.1(20)EW
Cisco IOS 12.1(20)EO
Cisco IOS 12.1(20)EC1
Cisco IOS 12.1(20)EC
Cisco IOS 12.1(20)EA1
Cisco IOS 12.1(20)E2
Cisco IOS 12.1(20)E1
Cisco IOS 12.1(20)E
Cisco IOS 12.0SV
Cisco IOS 12.0S
Cisco IOS 12.0(27)SV1
Cisco IOS 12.0(27)SV
Cisco IOS 12.0(27)S
Cisco IOS 12.0(26)S1
Cisco IOS 12.0(24)S5
Cisco IOS 12.0(24)S4
Cisco IOS 12.0(23)S5
Cisco IOS 12.0(23)S4
Not Vulnerable: Cisco IOS 12.3(9)
Cisco IOS 12.3(7.7)
Cisco IOS 12.3(7)T
Cisco IOS 12.3(6a)
Cisco IOS 12.3(5c)
Cisco IOS 12.3(5)B1
Cisco IOS 12.3(4)XQ
Cisco IOS 12.3(4)XK
Cisco IOS 12.3(4)XH
Cisco IOS 12.3(4)XG1
Cisco IOS 12.3(4)XD2
Cisco IOS 12.3(4)T4
Cisco IOS 12.3(4)EO1
Cisco IOS 12.3(2)XC3
Cisco IOS 12.2(24)
Cisco IOS 12.2(23a)
Cisco IOS 12.2(23.6)
Cisco IOS 12.2(23)SW
Cisco IOS 12.2(22)S
Cisco IOS 12.2(21b)
Cisco IOS 12.2(20)S2
Cisco IOS 12.2(12i)
Cisco IOS 12.1(22)EB
Cisco IOS 12.1(22)E1
Cisco IOS 12.1(20)EW2
Cisco IOS 12.1(20)EO1
Cisco IOS 12.1(20)EC2
Cisco IOS 12.1(20)EA1a
Cisco IOS 12.1(20)E3
Cisco IOS 12.0(27)SV2
Cisco IOS 12.0(27)S1
Cisco IOS 12.0(26)S2
Cisco IOS 12.0(24)S6
Cisco IOS 12.0(23)S6

Discussion

Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability

It has been reported that the Cisco Internet Operating System (IOS) is affected by a remote SNMP message processing denial of service vulnerability. This is caused by a design error that causes memory corruption in the affected system under certain circumstances.

This issue may be leveraged to cause a denial of service condition in the affected device. The denial of service is due to a corruption of memory in the affected device. As a result, there may be other consequences, such as code execution. This has not been confirmed by Cisco.

Exploit / POC

Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability

Solution:
Cisco has released an advisory dealing with this issue. Please see the referenced advisory for more information and details on obtaining fixes.

Cisco has released an update to their initial advisory. The update has expanded on the affected products section (added the Catalyst and Optical products - 12.1(20)EO) as well as the software versions and fixes section; updates for the newly reported vulnerable products will be available on April 27th.

Cisco has also released further revisions to their initial advisory. In particular, Cisco has provided details about vulnerable IOS 12.1EB, 12.1EO, 12.1EU, 12.2SW, 12.2ZQ, 12.2XE, 12.2XF releases and fix information. Please see the most recent revision (1.3) for further information.

Cisco have released revision 1.4 of their advisory to instruct users of Cisco IOS 12.3XC to migrate to the pending 12.3(8)T release.

Cisco have released revision 1.5 of their advisory, detailing software fix availability information for 12.0S, 12.1EB, 12.2, 12.2S, 12.2SW, 12.3, 12.3T, 12.3XH, 12.3XK, and 12.3XQ.

References

Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report