Cisco IOS Software TCP Initial Sequence Number Randomization Improvements - Cisco Systems

high Nessus Plugin ID 48953

Language:

Synopsis

The remote device is missing a vendor-supplied security patch

Description

Cisco IOS Software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers. This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts. To remove the vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is described in DDTS record CSCds04747.
Workarounds are available that limit or deny successful exploitation of the vulnerability by filtering traffic containing forged IP source addresses at the perimeter of a network or directly on individual devices.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20010301-ios-tcp-isn-random.

See Also

http://www.nessus.org/u?98df6997

http://www.nessus.org/u?4b55ca71

Plugin Details

Severity: High

ID: 48953

File Name: cisco-sa-20010301-ios-tcp-isn-randomhttp.nasl

Version: 1.12

Type: local

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/1/2001

Vulnerability Publication Date: 3/1/2001

Reference Information

CVE: CVE-2001-0288

BID: 2682