CVE-2009-0635

high

Description

Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/49417

http://www.vupen.com/english/advisories/2009/0851

http://www.securitytracker.com/id?1021895

http://www.securityfocus.com/bid/34246

http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml

http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml

http://secunia.com/advisories/34438

Details

Source: Mitre, NVD

Published: 2009-03-27

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.00934