ID CVE-2003-0305
Summary The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
References
Vulnerable Configurations
  • Cisco IOS 12.0S release 15
    cpe:2.3:o:cisco:ios:12.0%2815%29s
  • Cisco IOS 12.0SC release 15
    cpe:2.3:o:cisco:ios:12.0%2815%29sc
  • Cisco IOS 12.0SL release 15
    cpe:2.3:o:cisco:ios:12.0%2815%29sl
  • Cisco IOS 12.0S release 16
    cpe:2.3:o:cisco:ios:12.0%2816%29s
  • Cisco IOS 12.0SC release 16
    cpe:2.3:o:cisco:ios:12.0%2816%29sc
  • Cisco IOS 12.0 (16)ST
    cpe:2.3:o:cisco:ios:12.0%2816%29st
  • Cisco IOS 12.0 (17)S
    cpe:2.3:o:cisco:ios:12.0%2817%29s
  • Cisco IOS 12.0SL release 17
    cpe:2.3:o:cisco:ios:12.0%2817%29sl
  • Cisco IOS 12.0 (18)S
    cpe:2.3:o:cisco:ios:12.0%2818%29s
  • Cisco IOS 12.0SL release 18
    cpe:2.3:o:cisco:ios:12.0%2818%29sl
  • Cisco IOS 12.0 (19)S
    cpe:2.3:o:cisco:ios:12.0%2819%29s
  • Cisco IOS 12.0SL release 19
    cpe:2.3:o:cisco:ios:12.0%2819%29sl
  • Cisco IOS 12.0SP release 19
    cpe:2.3:o:cisco:ios:12.0%2819%29sp
  • Cisco IOS 12.0SL release 20
    cpe:2.3:o:cisco:ios:12.0%2820%29sl
  • Cisco IOS 12.0SP release 20
    cpe:2.3:o:cisco:ios:12.0%2820%29sp
  • Cisco IOS 12.0 (21)S
    cpe:2.3:o:cisco:ios:12.0%2821%29s
  • Cisco IOS 12.0SL release 21
    cpe:2.3:o:cisco:ios:12.0%2821%29sl
  • Cisco IOS 12.0 (21)SX
    cpe:2.3:o:cisco:ios:12.0%2821%29sx
  • Cisco IOS 12.1EA release 8
    cpe:2.3:o:cisco:ios:12.1%288%29ea
  • Cisco IOS 12.1EA release 9
    cpe:2.3:o:cisco:ios:12.1%289%29ea
  • Cisco IOS 12.1 release 10
    cpe:2.3:o:cisco:ios:12.1%2810%29
  • Cisco IOS 12.1 (10)E
    cpe:2.3:o:cisco:ios:12.1%2810%29e
  • Cisco IOS 12.1EC release 10
    cpe:2.3:o:cisco:ios:12.1%2810%29ec
  • Cisco IOS 12.1 (10)EX
    cpe:2.3:o:cisco:ios:12.1%2810%29ex
  • Cisco IOS 12.1 (10)EY
    cpe:2.3:o:cisco:ios:12.1%2810%29ey
  • Cisco IOS 12.1EC release 10.5
    cpe:2.3:o:cisco:ios:12.1%2810.5%29ec
  • Cisco IOS 12.1 (10a)
    cpe:2.3:o:cisco:ios:12.1%2810a%29
  • Cisco IOS 12.1 (11)
    cpe:2.3:o:cisco:ios:12.1%2811%29
  • Cisco IOS 12.1 E release 11.5
    cpe:2.3:o:cisco:ios:12.1%2811.5%29e
  • Cisco IOS 12.1 release 11a
    cpe:2.3:o:cisco:ios:12.1%2811a%29
  • Cisco IOS 12.1 (11b)
    cpe:2.3:o:cisco:ios:12.1%2811b%29
  • Cisco IOS 12.1 (11b)E
    cpe:2.3:o:cisco:ios:12.1%2811b%29e
  • Cisco IOS 12.1 release 12
    cpe:2.3:o:cisco:ios:12.1%2812%29
  • Cisco IOS 12.1 release 12a
    cpe:2.3:o:cisco:ios:12.1%2812a%29
  • Cisco IOS 12.1 (12b)
    cpe:2.3:o:cisco:ios:12.1%2812b%29
  • Cisco IOS 12.1 release 12c
    cpe:2.3:o:cisco:ios:12.1%2812c%29
  • Cisco IOS 12.1 (13)
    cpe:2.3:o:cisco:ios:12.1%2813%29
  • Cisco IOS 12.1 release 14
    cpe:2.3:o:cisco:ios:12.1%2814%29
  • Cisco IOS 12.1 release 14.5
    cpe:2.3:o:cisco:ios:12.1%2814.5%29
  • Cisco IOS 12.2 release 6.8a
    cpe:2.3:o:cisco:ios:12.2%286.8a%29
  • Cisco IOS 12.2 (7)
    cpe:2.3:o:cisco:ios:12.2%287%29
  • Cisco IOS 12.2 (7)DA
    cpe:2.3:o:cisco:ios:12.2%287%29da
  • Cisco IOS 12.2 (7a)
    cpe:2.3:o:cisco:ios:12.2%287a%29
  • Cisco IOS 12.2(7b)
    cpe:2.3:o:cisco:ios:12.2%287b%29
  • Cisco IOS 12.2 release 7c
    cpe:2.3:o:cisco:ios:12.2%287c%29
  • Cisco IOS 12.2 (9)S
    cpe:2.3:o:cisco:ios:12.2%289%29s
  • Cisco IOS 12.2DA release 9.4
    cpe:2.3:o:cisco:ios:12.2%289.4%29da
  • Cisco IOS 12.2S release 10.5
    cpe:2.3:o:cisco:ios:12.2%2810.5%29s
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family CISCO
    NASL id CISCO-SA-20030515-SAAHTTP.NASL
    description The Service Assurance Agent (SAA) is the new name for the Response Time Reporter (RTR) feature. The router is vulnerable only if the RTR responder is enabled. When the router receives a malformed RTR packet, it will crash. RTR is disabled by default. There is no workaround short of disabling the RTR responder. It is possible to mitigate the vulnerability by applying the access control list (ACL) on the router.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 55385
    published 2011-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55385
    title Cisco IOS Software Processing of SAA Packets - Cisco Systems
  • NASL family CISCO
    NASL id CSCDX17916.NASL
    description It is possible to crash the remote router by sending malformed Response Time Responder (RTR) packets. For this flaw to be exploitable, the router needs to have RTR responder enabled. This bug is referenced as CISCO bug id CSCdx17916 and CSCdx61997.
    last seen 2017-10-29
    modified 2014-08-11
    plugin id 11632
    published 2003-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11632
    title Cisco IOS SAA Malformed RTR Packet DoS (CSCdx17916, CSCdx61997)
oval via4
accepted 2008-09-08T04:00:30.972-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
family ios
id oval:org.mitre.oval:def:5608
status accepted
submitted 2008-05-02T11:06:36.000-04:00
title Cisco IOS Denial of Service Vulnerability
version 3
refmap via4
cisco 20030515 Cisco Security Advisory: Cisco IOS Software Processing of SAA Packets
Last major update 04-03-2009 - 00:18
Published 09-06-2003 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top