Cisco CatOS Telnet Option Handling Overflow (CSCdw19195)

critical Nessus Plugin ID 10986

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Some Cisco Catalyst switches, running certain CatOS based software releases, have a vulnerability wherein a buffer overflow in the telnet option handling can cause the telnet daemon to crash and result in a switch reload. This vulnerability can be exploited to initiate a denial of service (DoS) attack.

This vulnerability is documented as Cisco bug ID CSCdw19195.

Solution

http://www.nessus.org/u?c67eaadb

Reference : http://online.securityfocus.com/archive/1/252833

Plugin Details

Severity: Critical

ID: 10986

File Name: CSCdw19195.nasl

Version: 1.24

Type: local

Family: CISCO

Published: 6/5/2002

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: SNMP/sysDesc, SNMP/community, CISCO/model

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/18/2001

Reference Information

CVE: CVE-2001-0554

BID: 3064