CVE-2009-0635: Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows…

CVE-2009-0635 [HIGH] CWE-399 Cisco IOS cTCP Denial of Service Vulnerability Cisco IOS cTCP Denial of Service Vulnerability A series of TCP packets may cause a denial of service (DoS) condition on Cisco IOS devices that are configured as Easy VPN servers with the Cisco Tunneling Control Protocol (cTCP) encapsulation feature. Cisco has released software updates that address this vulnerability. No workarounds are available; however, the IPSec NAT traversal (NAT-T) feature can be used as an alternative. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090325-ctcp. Note: The March 25, 2009, Cisco IOS Security Advisory bundled publication includes eight Security Advisories. All of the advisories address vulnerabilities in Cisco IOS Software. Each advisory lists the releases that correct the vulnerab

CVE-2009-0635 Cisco IOS cTCP Denial of Service Vulnerability CVE-2009-0635: Cisco IOS cTCP Denial of Service Vulnerability A series of TCP packets may cause a denial of service (DoS) condition on Cisco IOS devices that are configured as Easy VPN servers with the Cisco Tunneling Control Protocol (cTCP) encapsulation feature. Cisco has released software updates that address this vulnerability. No CWE: CWE-399, CWE-399 Bug IDs: CSCsr16693, CSCsu21828, CSCsr16693, CSCsu21828

CVE-2009-0635 [HIGH] GHSA-jrx8-5mjp-vjpm: Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12 Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.