Cisco IOS IPsec Internet Key Exchange (IKE) Malformed Packet Denial of Service Vulnerability
BID:38932
Info
Cisco IOS IPsec Internet Key Exchange (IKE) Malformed Packet Denial of Service Vulnerability
| Bugtraq ID: | 38932 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2010-0578 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 24 2010 12:00AM |
| Updated: | Mar 24 2010 12:00AM |
| Credit: | Cisco |
| Vulnerable: |
Cisco IOS 12.4XT Cisco IOS 12.4XP Cisco IOS 12.4XJ Cisco IOS 12.4XE Cisco IOS 12.4XD Cisco IOS 12.4XC Cisco IOS 12.4XB Cisco IOS 12.4T Cisco IOS 12.4 Cisco IOS 12.3ZA Cisco IOS 12.3YZ Cisco IOS 12.3YX Cisco IOS 12.3YU Cisco IOS 12.3YS Cisco IOS 12.3YQ Cisco IOS 12.3YK Cisco IOS 12.3YG Cisco IOS 12.3YF Cisco IOS 12.3XX Cisco IOS 12.3XW Cisco IOS 12.3XU Cisco IOS 12.3XR Cisco IOS 12.3XJ Cisco IOS 12.3XE Cisco IOS 12.3TPC Cisco IOS 12.3T Cisco IOS 12.3JK Cisco IOS 12.2XNF Cisco IOS 12.2XNE Cisco IOS 12.2XND Cisco IOS 12.2XNC Cisco IOS 12.2XNB Cisco IOS 12.2XNA Cisco IOS 12.2SRA Cisco IOS 12.2SCB Cisco IOS 12.2SCA Cisco IOS 12.2SB |
| Not Vulnerable: |
Cisco IOS 15.0M Cisco IOS 15.0(1)M2 Cisco IOS 15.0(1)M1 Cisco IOS 12.4XN Cisco IOS 12.4(25b) Cisco IOS 12.4(15)T Cisco IOS 12.4(11)XJ4 Cisco IOS 12.3(8)JK1 Cisco IOS 12.3(4)TPC11a Cisco IOS 12.3(2)JK3 Cisco IOS 12.3(11)YZ1 Cisco IOS 12.3(11)YK1 Cisco IOS 12.2(33)SRA6 Cisco IOS 12.2(33)SCC1 Cisco IOS 12.2(33)SCB6 Cisco IOS 12.2(33)SB5 Cisco IOS 12.2(31)SB18 |
Discussion
Cisco IOS IPsec Internet Key Exchange (IKE) Malformed Packet Denial of Service Vulnerability
Cisco IOS is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users.
This issue is tracked by Cisco Bug ID CSCtb13491.
This issue affects Cisco IOS running on Cisco 7200 Series and Cisco 7301 Series routers where a VPN Acceleration Module 2+ (VAM2+) is installed.
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq24002
Cisco IOS is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users.
This issue is tracked by Cisco Bug ID CSCtb13491.
This issue affects Cisco IOS running on Cisco 7200 Series and Cisco 7301 Series routers where a VPN Acceleration Module 2+ (VAM2+) is installed.
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq24002
Exploit / POC
Cisco IOS IPsec Internet Key Exchange (IKE) Malformed Packet Denial of Service Vulnerability
To exploit this issue, attackers can use readily available network utilities.
To exploit this issue, attackers can use readily available network utilities.
References
Cisco IOS IPsec Internet Key Exchange (IKE) Malformed Packet Denial of Service Vulnerability
References:
References:
- Cisco Homepage (Cisco )
- Cisco Security Advisory: Cisco IOS Software IPsec Vulnerability (isco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software IPsec Vulnerability (Cisco)