Vulnerabilities > CVE-2009-2871 - Unspecified vulnerability in Cisco IOS

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

cisco

nessus

NVD

Published: 2009-09-28

Updated: 2009-10-01

Summary

Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS 12.2Xna Cisco IOS 12.2Xnb Cisco IOS 12.2Xnc Cisco IOS 12.2Xnd Cisco IOS 12.4Md Cisco IOS 12.4Mr Cisco IOS 12.4Sw Cisco IOS 12.4T Cisco IOS 12.4Xf Cisco IOS 12.4Xj Cisco IOS 12.4Xk Cisco IOS 12.4Xq Cisco IOS 12.4Xr Cisco IOS 12.4Xv Cisco IOS 12.4Xw Cisco IOS 12.4Xy Cisco IOS 12.4Xz	17

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20090923-TLSHTTP.NASL
description	Cisco IOS Software contains a vulnerability that could allow an attacker to cause a Cisco IOS device to reload by remotely sending a crafted encryption packet. Cisco has released free software updates that address this vulnerability.
last seen	2019-10-28
modified	2010-09-01
plugin id	49047
published	2010-09-01
reporter	This script is (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/49047
title	Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability - Cisco Systems

Summary

Vulnerable Configurations

Nessus

References