CVE-2008-1152 — Cisco IOS vulnerability

CWE-3995 documents5 sources

Severity

7.8HIGHNVD

EPSS

1.3%

top 20.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS Cisco IOS

Timeline

PublishedMar 27

Latest updateMay 1

Description

The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDcisco/ios5 versions+4

▶NVDcisco/cisco_ios5 versions+4

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-mx4j-m8xg-9rjj: The data-link switching (DLSw) component in Cisco IOS 12↗2022-05-01

▶

CVEList

CVE-2008-1152: The data-link switching (DLSw) component in Cisco IOS 12↗2008-03-27

▶

💥Exploits & PoCs

Exploit-DB

Gigaset SE461 WiMAX Router - Remote Denial of Service↗2009-03-23

▶

📋Vendor Advisories

Cisco

Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS↗2008-03-26

▶