CVE-2010-0577Infinite Loop in Cisco IOS

CWE-3994 documents4 sources
Severity
7.1HIGHNVD
EPSS
1.6%
top 18.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedMar 25
Latest updateMay 2

Description

Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios136 versions+135

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-2q84-j32v-48rc: Cisco IOS 122022-05-02
CVEList
CVE-2010-0577: Cisco IOS 122010-03-25

📋Vendor Advisories

1
Cisco
Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability2010-03-24
CVE-2010-0577 — Infinite Loop in Cisco IOS | cvebase