Cisco IOS Intrusion Prevention System (IPS) Multiple Vulnerabilities (CSCsa53334, CSCsg15598)

high Nessus Plugin ID 24739

Synopsis

The remote CISCO device can be crashed remotely.

Description

The remote version of IOS contains an intrusion prevention system that is affected by a fragmented packet evasion vulnerability and a denial of service vulnerability.

An attacker might use these flaws to disable this device remotely or to sneak past the IPS.

Solution

http://www.nessus.org/u?16b1f263

Plugin Details

Severity: High

ID: 24739

File Name: CSCsg15598.nasl

Version: 1.18

Type: local

Family: CISCO

Published: 3/1/2007

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.0

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: SNMP/sysDesc, SNMP/community, CISCO/model

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/13/2007

Reference Information

CVE: CVE-2007-0917, CVE-2007-0918

BID: 22549

CWE: 20