Описание
Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:cisco:ios:12.4t:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.4xz:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.4ya:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01415
Низкий
7.1 High
CVSS2
Дефекты
CWE-399
Связанные уязвимости
github
почти 4 года назад
Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.
EPSS
Процентиль: 80%
0.01415
Низкий
7.1 High
CVSS2
Дефекты
CWE-399