Cisco IOS TCP Sequence Prediction Connection Hijacking (CSCds04747)

This script is (C) 2002-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS Software contains a flaw that permits the successful
prediction of TCP Initial Sequence Numbers.

This vulnerability is present in all released versions of Cisco IOS
software running on Cisco routers and switches. It only affects the
security of TCP connections that originate or terminate on the
affected Cisco device itself
it does not apply to TCP traffic
forwarded through the affected device in transit between two other
hosts.

This vulnerability is documented as Cisco bug ID CSCds04747.

Solution :

http://www.nessus.org/u?021e980a

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 10976 (CSCds04747.nasl)

Bugtraq ID: 2682

CVE ID: CVE-2001-0288
CVE-2001-0328