Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS Software contains a vulnerability in multiple features that
could allow an attacker to cause a denial of service (DoS) condition on
the affected device. A sequence of specially crafted TCP packets can
cause the vulnerable device to reload.
Cisco has released free software updates that address this
vulnerability.
Several mitigation strategies are outlined in the workarounds section
of this advisory.

See also :

http://www.nessus.org/u?f3c7d471
http://www.nessus.org/u?3a842ed7

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20090325-tcp.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 49034 (cisco-sa-20090325-tcphttp.nasl)

Bugtraq ID: 34238

CVE ID: CVE-2009-0629