Cisco Multiple Devices Crafted IP Option Remote Code Execution (CSCeh52410)

critical Nessus Plugin ID 24741

Synopsis

Arbitrary code can be executed on the remote CISCO device.

Description

The remote version of IOS contains a flaw that could cause the remote router to crash when processing specially malformed IP packets.

An attacker might use these flaws to execute arbitrary code on the remote routers.

Solution

http://www.nessus.org/u?f4359412

Plugin Details

Severity: Critical

ID: 24741

File Name: CSCeh52410.nasl

Version: 1.21

Type: local

Family: CISCO

Published: 3/1/2007

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: SNMP/sysDesc, SNMP/community, CISCO/model

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/24/2007

Reference Information

CVE: CVE-2007-0480

BID: 22211