CVE-2009-0638 - Remote Denial of Service vulnerability in Cisco Firewall Services Module ICMP Packet
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | COMPLETE |
Summary
The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 before 3.2(13), and 4.0 before 4.0(6) for Cisco Catalyst 6500 switches and Cisco 7600 routers allows remote attackers to cause a denial of service (traffic-handling outage) via a series of malformed ICMP messages.
Vulnerable Configurations
Nessus
NASL family | CISCO |
NASL id | CISCO-SA-20090819-FWSM.NASL |
description | The remote Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers may be affected by a denial of service (DoS) condition. An attacker can trigger the DoS condition by sending a specially crafted ICMP packet to the device. This will cause the network processor to stop working and result in the DoS condition. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 69923 |
published | 2013-09-17 |
reporter | This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/69923 |
title | Firewall Services Module Crafted ICMP Message (cisco-sa-20090819-fwsm) |
Seebug
bulletinFamily | exploit |
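description | CVE(CAN) ID: CVE-2009-0638
Cisco FWSM is the firewall services module on Cisco devices.
A vulnerability exists in the Cisco FWSM software: if multiple specially crafted ICMP messages are processed, the FWSM stops forwarding traffic between interfaces, or stops processing traffic destined to the FWSM (management traffic). This happens because one of the network processors (NP) that the FWSM uses to handle traffic may exhaust all available execution threads while processing a specific type of ICMP message, which limits the execution threads available for processing further traffic. Any transit traffic or traffic destined to the FWSM is affected, regardless of whether ICMP inspection is enabled.
Cisco Firewall Services Module 4.x
Cisco Firewall Services Module 3.x
Cisco Firewall Services Module 2.x
Workaround:
* Blocking non-essential ICMP messages on screening devices, or on devices in the path to the FWSM, prevents the vulnerability from being triggered on the FWSM. For example, deploying the following ACL on a Cisco IOS device in front of the FWSM keeps the crafted ICMP messages from reaching the FWSM and triggering the vulnerability:
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any traceroute
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any host-unreachable
access-list 101 permit icmp any any unreachable
access-list 101 deny icmp any any
access-list 101 permit ip any any
Vendor patch:
Cisco
-----
Cisco has released a security advisory (cisco-sa-20090819-fwsm) and corresponding patches for this issue:
cisco-sa-20090819-fwsm: Firewall Services Module Crafted ICMP Message Vulnerability
Link: http://www.cisco.com/warp/public/707/cisco-sa-20090819-fwsm.shtml |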
id | SSV:12089 |
last seen | 2017-11-19 |
modified | 2009-08-21 |
published | 2009-08-21 |
reporter | Root |
title | Cisco Firewall Services Module ICMP Message Denial of Service Vulnerability |
References
- http://secunia.com/advisories/36373
- http://securitytracker.com/id?1022747
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080af0d1d.shtml
- http://www.securityfocus.com/bid/36085
- http://www.vupen.com/english/advisories/2009/2329
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52591