Overview
An unspecified error in Cisco Internetwork Operating System (IOS) could allow a remote attacker to cause a denial of service.
Description
Cisco IOS is a very widely deployed network operating system. IOS release trains 12.1YD, 12.2T, 12.3, and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME), or Survivable Site Telephony (SRST), may contain a vulnerability in the processing of certain control protocol messages. A specially crafted control protocol message could cause the device to reload. |
Impact
By sending a specially crafted control protocol message to an affected device, a remote attacker could cause the device to reset. Repeated exploitation of this vulnerability could lead to a sustained denial-of-service condition. |
Solution
Apply a patch or upgrade Please refer to the "Software Versions and Fixes" section of the Cisco Security Advisory for more information on upgrading. |
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported by the Cisco Systems Product Security Incident Response Team.
This document was written by Will Dormann, based on the information provided in the Cisco Security Advisory.
Other Information
| CVE IDs: | None |
| Severity Metric: | 9.45 |
| Date Public: | 2005-01-19 |
| Date First Published: | 2005-01-21 |
| Date Last Updated: | 2005-01-21 19:40 UTC |
| Document Revision: | 7 |