Cisco IOS Software TELNET Option Handling Vulnerability - Cisco Systems

medium Nessus Plugin ID 48948

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

A defect in multiple Cisco IOS software versions will cause a Cisco router to reload unexpectedly when the router is tested for security vulnerabilities by security scanning software programs. The defect can be exploited repeatedly to produce a consistent denial of service (DoS) attack. Customers using the affected Cisco IOS software releases are urged to upgrade as soon as possible to later versions that are not vulnerable to this defect. Vulnerable products and releases are listed in detail below. The security scanner is testing for the presence of two specific vulnerabilities that affect certain UNIX-based systems. The vulnerabilities are unrelated to Cisco IOS software and Cisco IOS software is not directly at risk from them. However, a side-effect of the tests exposes the defect described in this security advisory, and the router will reload unexpectedly as soon as it receives any subsequent traffic. This defect is documented as Cisco Bug ID CSCdm70743.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20000420-ios-telnet.

See Also

http://www.nessus.org/u?f456e909

http://www.nessus.org/u?297a9338

Plugin Details

Severity: Medium

ID: 48948

File Name: cisco-sa-20000420-ios-telnethttp.nasl

Version: 1.13

Type: local

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/20/2000

Vulnerability Publication Date: 4/20/2000

Reference Information

CVE: CVE-2000-0268

BID: 1123