CVE-2007-0199 — Race Condition in Cisco IOS

CWE-362 — Race Condition CWE-3999 documents5 sources

Severity

5.4MEDIUMNVD

NVD5.0CNA5.0

EPSS

1.5%

top 19.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedJan 11

Latest updateMay 17

Description

The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/ios12.4+6

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-v8pm-776c-452x: Cisco IOS 12↗2022-05-17

▶

GHSA

GHSA-9673-77f3-57fv: The Data-link Switching (DLSw) feature in Cisco IOS 11↗2022-05-01

▶

CVEList

CVE-2011-1625: Cisco IOS 12↗2011-08-18

▶

CVEList

CVE-2007-0199: The Data-link Switching (DLSw) feature in Cisco IOS 11↗2007-01-11

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Excel - OLE Arbitrary Code Execution↗2017-09-30

▶

📋Vendor Advisories

Cisco

Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS↗2008-03-26

▶

Cisco

DLSw Vulnerability↗2007-01-10

▶