CVE-2009-2868Cisco IOS vulnerability

CWE-3994 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 36.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedSep 28
Latest updateMay 2

Description

Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and CSCee72997.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios40 versions+39

🔴Vulnerability Details

2
GHSA
GHSA-35r5-pw6j-5f37: Unspecified vulnerability in Cisco IOS 122022-05-02
CVEList
CVE-2009-2868: Unspecified vulnerability in Cisco IOS 122009-09-28

📋Vendor Advisories

1
Cisco
Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability2009-09-23
CVE-2009-2868 — Cisco IOS vulnerability | cvebase