CVE-2009-0635

2009-03-2716:30:02

CWE-399

cisco

web.nvd.nist.gov

cisco

ctcp

memory leak

denial of service

cve-2009-0635

nvd

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.5

Confidence

Low

EPSS

0.023

Percentile

89.7%

JSON

Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.

Affected configurations

Nvd

Node

ciscoiosMatch12.4t

ciscoiosMatch12.4xz

ciscoiosMatch12.4ya

VendorProductVersionCPE
ciscoios12.4tcpe:2.3:o:cisco:ios:12.4t:*:*:*:*:*:*:*
ciscoios12.4xzcpe:2.3:o:cisco:ios:12.4xz:*:*:*:*:*:*:*
ciscoios12.4yacpe:2.3:o:cisco:ios:12.4ya:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	12.4t	cpe:2.3:o:cisco:ios:12.4t:::::::*
cisco	ios	12.4xz	cpe:2.3:o:cisco:ios:12.4xz:::::::*
cisco	ios	12.4ya	cpe:2.3:o:cisco:ios:12.4ya:::::::*