Cisco IOS SCCP Control Protocol Malformed Message DoS (CSCee08584)

medium Nessus Plugin ID 16217

Synopsis

The remote device is missing a vendor-supplied security patch

Description

The remote router contains a version of IOS which has flaw in its telephony service.

If the remote router is configured for ITS, CME or SRST, then an attacker may send malformed TCP queries to the remote host resulting in a reboot of the router.

CISCO identifies this vulnerability as bug id CSCee08584

Solution

http://www.cisco.com/en/US/products/products_security_advisory09186a00803b3fff.shtml

Plugin Details

Severity: Medium

ID: 16217

File Name: CSCee08584.nasl

Version: 1.17

Type: local

Family: CISCO

Published: 1/19/2005

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: SNMP/sysDesc, SNMP/community, CISCO/model

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/19/2005

Reference Information

CVE: CVE-2005-0186

BID: 12307