CVE-2009-2872 — Cisco IOS vulnerability

CWE-3996 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

1.3%

top 20.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedSep 28

Latest updateMay 2

Description

Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via a malformed packet that is not properly handled during switching from one tunnel to a second tunnel, aka Bug IDs CSCsh97579 and CSCsq31776.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 8.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/ios288 versions+287

🔴Vulnerability Details

GHSA

GHSA-mh9m-75gc-gjxq: Cisco IOS 12↗2022-05-02

▶

CVEList

CVE-2009-2872: Cisco IOS 12↗2009-09-28

▶

📋Vendor Advisories

Cisco

Cisco IOS Software Tunnels Vulnerability↗2009-09-23

▶

💬Community

Bugzilla

CVE-2009-3554 JBoss EAP Twiddle logs the JMX password↗2009-11-20

▶

Bugzilla

CVE-2008-4681 wireshark: DoS (app crash or abort) in Bluetooth RFCOMM dissector via unknown packets↗2008-10-23

▶