Vulnerability CVE-2000-0268


Published: 2000-04-20   Modified: 2012-02-12

Description:
Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.

Vendor: Cisco
Product: Accesspath 
Version:
vs-3
ts-3
ls-3
Product: IOS 
Version:
12.0(7)t
12.0(6)
12.0(5)
12.0(4)t
12.0(4)s
12.0(4)
12.0(3)t2
12.0(2)xg
12.0(2)xf
12.0(2)xd
12.0(2)xc
12.0(2)
11.3aa
Product: As5800 
Product: Voice gateway as5800 
Product: 3660 router 
Product: 7200 router 
Product: As5300 
Product: Ubr7200 
Product: System controller 3640 
Product: 7100 router 
Product: As5200 
Product: 7500 router 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml
http://www.securityfocus.com/bid/1123
http://www.osvdb.org/1289

Related CVE
CVE-2018-0428
A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerabili...
CVE-2018-0427
A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-suppli...
CVE-2018-0419
A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper ...
CVE-2018-0418
A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device...
CVE-2018-0415
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticat...
CVE-2018-0412
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthentic...
CVE-2018-0410
A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. T...
CVE-2018-0386
A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input tha...

Copyright 2018, cxsecurity.com

 

Back to Top