Cisco IOS Software TCP ACK Storm Vulnerability

A vulnerability in the TCP stack of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an ACK storm.

The vulnerability is due to improper closing of an established TCP connection. An attacker could exploit this vulnerability by sending a crafted sequence of TCP ACK and FIN packets to an affected device. A successful exploit could allow the attacker to cause an ACK storm resulting in excessive network and CPU utilization.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, the attacker would need the ability to send a sequence of TCP ACK and FIN packets to the targeted system. To achieve this objective, the attacker may need access to trusted, internal network resources. This access requirement reduces the likelihood of a successful exploit…

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.