CVE-2009-2871Cisco IOS vulnerability

CWE-3994 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.6%
top 29.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedSep 28
Latest updateMay 2

Description

Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios17 versions+16

🔴Vulnerability Details

2
GHSA
GHSA-w8mc-2j77-9pfm: Unspecified vulnerability in Cisco IOS 122022-05-02
CVEList
CVE-2009-2871: Unspecified vulnerability in Cisco IOS 122009-09-28

📋Vendor Advisories

1
Cisco
Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability2009-09-23
CVE-2009-2871 — Cisco IOS vulnerability | cvebase