CVE-2001-0861 - Denial Of Service vulnerability in Cisco 12000 Series Internet Router

CVSS 5.0 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: NONE
  • Availability impact: PARTIAL

Summary

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies.

Vulnerable Configurations

Part      Description  Count
Hardware  Cisco        1

Nessus

  • NASL family: CISCO
    NASL id: CISCO-SA-20011114-GSR-UNREACHABLEHTTP.NASL
    description: The performance of Cisco 12000 series routers can be degraded when they have to send a large number of ICMP unreachable packets. This situation usually can occur during heavy network scanning. This vulnerability is tracked by three different bug IDs: CSCdr46528 (registered customers only), CSCdt66560 (registered customers only), and CSCds36541 (registered customers only). Each bug ID is assigned to a different Engine the line card is based upon. The rest of the Cisco routers and switches are not affected by this vulnerability. It is specific for Cisco 12000 Series. No other Cisco product is vulnerable. The workaround is to either prevent the router from sending unreachable Internet Control Message Protocol (ICMPs) at all or to rate limit them.
    last seen: 2019-10-28
    modified: 2010-09-01
    plugin id: 48960
    published: 2010-09-01
    reporter: This script is (C) 2010-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/48960
    title: ICMP Unreachable Vulnerability in Cisco 12000 Series Internet Router - Cisco Systems
  • NASL family: CISCO
    NASL id: CISCO_GSR_UNREACHABLE.NASL
    description: The remote device appears to be a Cisco 12000 Series router. According to its version number, it is vulnerable to a denial of service issue. Forcing it to send a large number of ICMP unreachable packets can slow down throughput. A remote attacker could use this to degrade the performance of the network.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 10971
    published: 2002-06-05
    reporter: This script is (C) 2002-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/10971
    title: Cisco 12000 Series Router ICMP Unreachable DoS