Published: 28/09/2009 Updated: 01/10/2009
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote malicious users to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002.

Affected Products

Vendor Product Versions
CiscoIos12.2xna, 12.2xnb, 12.2xnc, 12.2xnd, 12.4md, 12.4mr, 12.4sw, 12.4t, 12.4xf, 12.4xj, 12.4xk, 12.4xq, 12.4xr, 12.4xv, 12.4xw, 12.4xy, 12.4xz

Vendor Advisories

Cisco IOS® Software contains a vulnerability that could allow an attacker to cause a Cisco IOS device to reload by remotely sending a crafted encryption packet Cisco has released software updates that address this vulnerability This advisory is posted at toolsciscocom/security/center/content/CiscoSecurityAdvisory/cisco-sa- ...