IOS Reload after Scanning Vulnerability - Cisco Systems

medium Nessus Plugin ID 48955

Language:

Synopsis

The remote device is missing a vendor-supplied security patch

Description

Security Scanning software can cause a memory error in Cisco IOS Software that will cause a reload to occur. This vulnerability affects only Cisco IOS software version 12.1(2)T and 12.1(3)T, and limited deployment releases based on those versions. Customers using the affected Cisco IOS software releases are urged to upgrade as soon as possible to later versions that are not vulnerable to this defect. Vulnerable products and releases are listed in detail below. The security scanner makes TCP connection attempts to various ports, looking for open ports to further investigate known vulnerabilities with those services associated with certain ports. However, a side effect of the tests exposes the defect described in this security advisory, and the router will reload unexpectedly as soon as it receives a request to review or write the configuration file.
This defect is documented as Cisco Bug ID CSCds07326.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20010524-ios-tcp-scanner-reload.

See Also

http://www.nessus.org/u?34c1a8f9

http://www.nessus.org/u?a4d7793b

Plugin Details

Severity: Medium

ID: 48955

File Name: cisco-sa-20010524-ios-tcp-scanner-reloadhttp.nasl

Version: 1.11

Type: local

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 5/24/2001

Vulnerability Publication Date: 5/24/2001

Reference Information

CVE: CVE-2001-0750

BID: 2804