Vulnerability CVE-2004-0551


Published: 2004-08-06   Modified: 2012-02-12

Description:
Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the three-way handshake to the (1) Telnet, (2) HTTP, or (3) SSH services, aka "TCP-ACK DoS attack."

Vendor: Cisco
Product: CatOS
Version:
8.3glx
8.3(1)glx
8.2(1)
8.2
8.1(3)
8.1(2)
8.1
7.6(5)
7.6(4)
7.6(3)
7.6(2)
7.6(1)
7.6
7.5(1)
7.5
7.4(3)
7.4(2)
7.4(1)
7.4(0.63)
7.4(0.2)clr
7.4
7.3(2)
7.3(1)
7.3
7.2(2)
7.2(1)
7.2(0.65)
7.1(2a)
7.1(2)
7.1(1a)
7.1(1)
7.1
6.4(8)
6.4(7)
6.4(6)
6.4(5)
6.4(4a)
6.4(3)
6.4(2)
6.4(1)
6.3(9)
6.3(8.3)
6.3(8)
6.3(7)
6.3(6)
6.3(5.10)
6.3(5)
6.3(4a)
6.3(4)
6.3(3a)
6.3(3)x1
6.3(3)x
6.3(3)
6.3(2a)
6.3(2)
6.3(1a)
6.3(10)
6.3(1)
6.3(0.7)pan
6.2(3a)
6.2(3)
6.2(2a)
6.2(2)
6.2(1a)
6.2(1)
6.2(0.111)
6.2(0.110)
6.1(4b)
6.1(4)
6.1(3a)
6.1(3)
6.1(2a)
6.1(2.13)
6.1(2)
6.1(1e)
6.1(1d)
6.1(1c)
6.1(1b)
6.1(1a)
6.1(1)
6.1
5.5(9)
5.5(8a)cv
5.5(8a)
5.5(8)
5.5(7a)
5.5(7)
5.5(6a)
5.5(6)
5.5(5)
5.5(4b)
5.5(4a)
5.5(4)
5.5(3)
5.5(2)
5.5(1a)
5.5(19)
5.5(18)
5.5(17)
5.5(16.2)
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

References:
http://www.kb.cert.org/vuls/id/245190
http://xforce.iss.net/xforce/xfdb/16370
http://www.cisco.com/warp/public/707/cisco-sa-20040609-catos.shtml


Copyright 2019, cxsecurity.com

 
