CVE-2009-0635

Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/34438	Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml	Patch Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/34246
http://www.securitytracker.com/id?1021895
http://www.vupen.com/english/advisories/2009/0851	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49417
http://secunia.com/advisories/34438	Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml	Patch Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/34246
http://www.securitytracker.com/id?1021895
http://www.vupen.com/english/advisories/2009/0851	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49417

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ios:12.4t:::::::*
	cpe:2.3:o:cisco:ios:12.4xz:::::::*
	cpe:2.3:o:cisco:ios:12.4ya:::::::*

History

21 Nov 2024, 01:00

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/34438 - Vendor Advisory~~	() http://secunia.com/advisories/34438 - Vendor Advisory
References	~~() http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml - Patch, Vendor Advisory~~	() http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml - Patch, Vendor Advisory
References	~~() http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml - Patch, Vendor Advisory~~	() http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/34246 -~~	() http://www.securityfocus.com/bid/34246 -
References	~~() http://www.securitytracker.com/id?1021895 -~~	() http://www.securitytracker.com/id?1021895 -
References	~~() http://www.vupen.com/english/advisories/2009/0851 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2009/0851 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/49417 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/49417 -

Information

Published : 2009-03-27 16:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-0635

Mitre link : CVE-2009-0635

CVE.ORG link : CVE-2009-0635

JSON object : View

Products Affected

cisco

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2009-0635", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-03-27T16:30:02.077", "references": [{"url": "http://secunia.com/advisories/34438", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://www.securityfocus.com/bid/34246", "source": "psirt@cisco.com"}, {"url": "http://www.securitytracker.com/id?1021895", "source": "psirt@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2009/0851", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49417", "source": "psirt@cisco.com"}, {"url": "http://secunia.com/advisories/34438", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/34246", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1021895", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/0851", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49417", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets."}, {"lang": "es", "value": "Perdida de memoria en la funcionalidad de encapsulado de Cisco Tunneling Control Protocol (cTCP) en Cisco IOS v12.4, cuando se ha habilitado un servidor Easy VPN (conocido como EZVPN), permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria y ca\u00edda del dispositivo) mediante una secuencia de paquetes TCP."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:12.4t:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEAD7398-D1B2-47FB-952D-8C3162D5A363"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4xz:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4963A243-74FA-43AD-9645-C9FAD527A6E1"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4ya:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31C6EACA-35BE-4032-93DA-5F738AEE0F4A"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com", "evaluatorSolution": "Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml\r\n\r\n\r\nObtaining Fixed Software\r\n\r\nCisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.\r\n\r\nCustomers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html , or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml ."}

7.1 /10