Vulnerabilities > CVE-2010-0577 - Resource Management Errors vulnerability in Cisco IOS
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
| NASL family | CISCO |
| NASL id | CISCO-SA-20100324-TCPHTTP.NASL |
| description | Cisco IOS Software is affected by a denial of service vulnerability that may allow a remote unauthenticated attacker to cause an affected device to reload or hang. The vulnerability may be triggered by a TCP segment containing crafted TCP options that is received during the TCP session establishment phase. In addition to specific, crafted TCP options, the device must have a special configuration to be affected by this vulnerability. Cisco has released free software updates that address this vulnerability. |
| last seen | 2019-10-28 |
| modified | 2010-09-01 |
| plugin id | 49055 |
| published | 2010-09-01 |
| reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/49055 |
| title | Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability (cisco-sa-20100324-tcp) |
References
- http://osvdb.org/63178
- http://secunia.com/advisories/39078
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f34.shtml
- http://www.securityfocus.com/bid/38930
- http://www.securitytracker.com/id?1023743
- http://www.vupen.com/english/advisories/2010/0703
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57129