Detections
Analytics

Cisco IOS Syslog Crash - Cisco Systems

medium Nessus Plugin ID 48946

Language:

Synopsis

The remote device is missing a vendor-supplied security patch

Description

Certain versions of Cisco IOS software may crash or hang when they receive invalid user datagram protocol (UDP) packets sent to their "syslog" ports (port 514). At least one commonly-used Internet scanning tool generates packets which can cause such crashes and hangs. This fact has been announced on public Internet mailing lists which are widely read both by security professionals and by security "crackers", and should be considered public information. This vulnerability affects devices running Cisco IOS software version 11.3AA, version 11.3DB, or any 12.0-based version (including 12.0 mainline, 12.0S, 12.0T, and any other regular released version whose number starts with "12.0"). The vulnerability has been corrected in certain special releases, and will be corrected in maintenance and interim releases which will be issued in the future; see the section on "Software Versions and Fixes" for details on which versions are affected, and on which versions are, or will be, fixed. Cisco intends to provide fixes for all affected IOS variants. There is a configuration workaround for this vulnerability.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-19990111-ios-syslog.

See Also

http://www.nessus.org/u?cba2a843

http://www.nessus.org/u?78dccba2

Plugin Details

Severity: Medium

ID: 48946

File Name: cisco-sa-19990111-ios-sysloghttp.nasl

Version: 1.15

Type: local

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/11/1999

Reference Information

CVE: CVE-1999-0063

BID: 675