CVE-2009-0635

{"id": "CVE-2009-0635", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-03-27T16:30:02.077", "references": [{"url": "http://secunia.com/advisories/34438", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/34246", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1021895", "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2009/0851", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49417", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets."}, {"lang": "es", "value": "Perdida de memoria en la funcionalidad de encapsulado de Cisco Tunneling Control Protocol (cTCP) en Cisco IOS v12.4, cuando se ha habilitado un servidor Easy VPN (conocido como EZVPN), permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria y ca\u00edda del dispositivo) mediante una secuencia de paquetes TCP."}], "lastModified": "2017-08-17T01:29:56.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:12.4t:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEAD7398-D1B2-47FB-952D-8C3162D5A363"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4xz:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4963A243-74FA-43AD-9645-C9FAD527A6E1"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4ya:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31C6EACA-35BE-4032-93DA-5F738AEE0F4A"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com", "evaluatorSolution": "Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml\r\n\r\n\r\nObtaining Fixed Software\r\n\r\nCisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.\r\n\r\nCustomers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html , or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml ."}