ID CVE-2004-0714
Summary Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption).
References
Vulnerable Configurations
  • Cisco IOS 12.0 (23)S4
    cpe:2.3:o:cisco:ios:12.0%2823%29s4
  • Cisco IOS 12.0 (23)S5
    cpe:2.3:o:cisco:ios:12.0%2823%29s5
  • Cisco IOS 12.0 (24)S4
    cpe:2.3:o:cisco:ios:12.0%2824%29s4
  • Cisco IOS 12.0 (24)S5
    cpe:2.3:o:cisco:ios:12.0%2824%29s5
  • Cisco IOS 12.0 (26)S1
    cpe:2.3:o:cisco:ios:12.0%2826%29s1
  • Cisco IOS 12.0 (27)S
    cpe:2.3:o:cisco:ios:12.0%2827%29s
  • Cisco IOS 12.0 (27)SV
    cpe:2.3:o:cisco:ios:12.0%2827%29sv
  • Cisco IOS 12.0 (27)SV1
    cpe:2.3:o:cisco:ios:12.0%2827%29sv1
  • Cisco IOS 12.0S
    cpe:2.3:o:cisco:ios:12.0s
  • Cisco IOS 12.0 SV
    cpe:2.3:o:cisco:ios:12.0sv
  • Cisco IOS 12.1 (20)E
    cpe:2.3:o:cisco:ios:12.1%2820%29e
  • Cisco IOS 12.1 (20)E1
    cpe:2.3:o:cisco:ios:12.1%2820%29e1
  • Cisco IOS 12.1 (20)E2
    cpe:2.3:o:cisco:ios:12.1%2820%29e2
  • Cisco IOS 12.1 (20)EA1
    cpe:2.3:o:cisco:ios:12.1%2820%29ea1
  • Cisco IOS 12.1 (20)EC
    cpe:2.3:o:cisco:ios:12.1%2820%29ec
  • Cisco IOS 12.1 (20)EC1
    cpe:2.3:o:cisco:ios:12.1%2820%29ec1
  • Cisco IOS 12.1(20)EO
    cpe:2.3:o:cisco:ios:12.1%2820%29eo
  • Cisco IOS 12.1 (20)EW
    cpe:2.3:o:cisco:ios:12.1%2820%29ew
  • Cisco IOS 12.1 (20)EW1
    cpe:2.3:o:cisco:ios:12.1%2820%29ew1
  • Cisco IOS 12.1E
    cpe:2.3:o:cisco:ios:12.1e
  • Cisco IOS 12.1EA
    cpe:2.3:o:cisco:ios:12.1ea
  • Cisco IOS 12.1EB
    cpe:2.3:o:cisco:ios:12.1eb
  • Cisco IOS 12.1EC
    cpe:2.3:o:cisco:ios:12.1ec
  • Cisco IOS 12.1EO
    cpe:2.3:o:cisco:ios:12.1eo
  • Cisco IOS 12.1EU
    cpe:2.3:o:cisco:ios:12.1eu
  • Cisco IOS 12.1EW
    cpe:2.3:o:cisco:ios:12.1ew
  • Cisco IOS 12.2
    cpe:2.3:o:cisco:ios:12.2
  • Cisco IOS 12.2 (12g)
    cpe:2.3:o:cisco:ios:12.2%2812g%29
  • Cisco IOS 12.2 (12h)
    cpe:2.3:o:cisco:ios:12.2%2812h%29
  • Cisco IOS 12.2 (20)S
    cpe:2.3:o:cisco:ios:12.2%2820%29s
  • Cisco IOS 12.2 (20)S1
    cpe:2.3:o:cisco:ios:12.2%2820%29s1
  • Cisco IOS 12.2 (21)
    cpe:2.3:o:cisco:ios:12.2%2821%29
  • Cisco IOS 12.2 (21a)
    cpe:2.3:o:cisco:ios:12.2%2821a%29
  • Cisco IOS 12.2 (23)
    cpe:2.3:o:cisco:ios:12.2%2823%29
  • Cisco IOS 12.2S
    cpe:2.3:o:cisco:ios:12.2s
  • Cisco IOS 12.2SW
    cpe:2.3:o:cisco:ios:12.2sw
  • Cisco IOS 12.2 ZQ
    cpe:2.3:o:cisco:ios:12.2zq
  • Cisco IOS 12.3
    cpe:2.3:o:cisco:ios:12.3
  • Cisco IOS 12.3 (2)T3
    cpe:2.3:o:cisco:ios:12.3%282%29t3
  • Cisco IOS 12.3 (2)XC1
    cpe:2.3:o:cisco:ios:12.3%282%29xc1
  • Cisco IOS 12.3 (2)XC2
    cpe:2.3:o:cisco:ios:12.3%282%29xc2
  • Cisco IOS 12.3 (4)T
    cpe:2.3:o:cisco:ios:12.3%284%29t
  • Cisco IOS 12.3 (4)T1
    cpe:2.3:o:cisco:ios:12.3%284%29t1
  • Cisco IOS 12.3 (4)T2
    cpe:2.3:o:cisco:ios:12.3%284%29t2
  • Cisco IOS 12.3 (4)T3
    cpe:2.3:o:cisco:ios:12.3%284%29t3
  • Cisco IOS 12.3 (4)XD
    cpe:2.3:o:cisco:ios:12.3%284%29xd
  • Cisco IOS 12.3 (4)XD1
    cpe:2.3:o:cisco:ios:12.3%284%29xd1
  • Cisco IOS 12.3(5)
    cpe:2.3:o:cisco:ios:12.3%285%29
  • Cisco IOS 12.3 (5a)
    cpe:2.3:o:cisco:ios:12.3%285a%29
  • Cisco IOS 12.3 (5a)b
    cpe:2.3:o:cisco:ios:12.3%285a%29b
  • Cisco IOS 12.3 (5b)
    cpe:2.3:o:cisco:ios:12.3%285b%29
  • Cisco IOS 12.3 (6)
    cpe:2.3:o:cisco:ios:12.3%286%29
  • Cisco IOS 12.3B
    cpe:2.3:o:cisco:ios:12.3b
  • Cisco IOS 12.3T
    cpe:2.3:o:cisco:ios:12.3t
  • Cisco IOS 12.3XC
    cpe:2.3:o:cisco:ios:12.3xc
  • Cisco IOS 12.3XD
    cpe:2.3:o:cisco:ios:12.3xd
  • Cisco IOS 12.3XE
    cpe:2.3:o:cisco:ios:12.3xe
  • Cisco IOS 12.3XF
    cpe:2.3:o:cisco:ios:12.3xf
  • Cisco IOS 12.3XG
    cpe:2.3:o:cisco:ios:12.3xg
  • Cisco IOS 12.3XH
    cpe:2.3:o:cisco:ios:12.3xh
  • Cisco IOS 12.3XK
    cpe:2.3:o:cisco:ios:12.3xk
  • Cisco IOS 12.3XQ
    cpe:2.3:o:cisco:ios:12.3xq
  • Cisco Optical Networking Systems Software (ONS) 3.0
    cpe:2.3:a:cisco:optical_networking_systems_software:3.0
  • Cisco Optical Networking Systems Software (ONS) 3.1.0
    cpe:2.3:a:cisco:optical_networking_systems_software:3.1.0
  • Cisco Optical Networking Systems Software (ONS) 3.2.0
    cpe:2.3:a:cisco:optical_networking_systems_software:3.2.0
  • Cisco Optical Networking Systems Software (ONS) 3.3.0
    cpe:2.3:a:cisco:optical_networking_systems_software:3.3.0
  • Cisco Optical Networking Systems Software (ONS) 3.4.0
    cpe:2.3:a:cisco:optical_networking_systems_software:3.4.0
  • Cisco Optical Networking Systems Software (ONS) 4.0 (1)
    cpe:2.3:a:cisco:optical_networking_systems_software:4.0%281%29
  • Cisco Optical Networking Systems Software (ONS) 4.0 (2)
    cpe:2.3:a:cisco:optical_networking_systems_software:4.0%282%29
  • Cisco Optical Networking Systems Software (ONS) 4.0.0
    cpe:2.3:a:cisco:optical_networking_systems_software:4.0.0
  • Cisco Optical Networking Systems Software (ONS) 4.1(0)
    cpe:2.3:a:cisco:optical_networking_systems_software:4.1%280%29
  • Cisco Optical Networking Systems Software (ONS) 4.1(1)
    cpe:2.3:a:cisco:optical_networking_systems_software:4.1%281%29
  • Cisco Optical Networking Systems Software (ONS) 4.1(2)
    cpe:2.3:a:cisco:optical_networking_systems_software:4.1%282%29
  • Cisco Optical Networking Systems Software (ONS) 4.1(3)
    cpe:2.3:a:cisco:optical_networking_systems_software:4.1%283%29
  • Cisco Optical Networking Systems Software (ONS) 4.1.0
    cpe:2.3:a:cisco:optical_networking_systems_software:4.1.0
  • Cisco ONS 15454E Optical Transport Platform
    cpe:2.3:o:cisco:ons_15454e_optical_transport_platform
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
NASL family CISCO
NASL id CISCO-SA-20040420-SNMP.NASL
description Cisco Internetwork Operating System (IOS) Software release trains 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload. The vulnerability is only present in certain IOS releases on Cisco routers and switches. This behavior was introduced via a code change and is resolved with CSCed68575. This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a denial of service (DoS).
last seen 2019-02-21
modified 2018-11-15
plugin id 48974
published 2010-09-01
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=48974
title Vulnerabilities in SNMP Message Processing - Cisco Systems
oval via4
accepted 2008-09-08T04:00:52.962-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption).
family ios
id oval:org.mitre.oval:def:5845
status accepted
submitted 2008-04-30T11:06:36.000-04:00
title Cisco IOS SNMP Malformed Message Denial of Service Vulnerability
version 4
refmap via4
bid 10186
cert TA04-111B
cert-vn VU#162451
cisco 20040420 Vulnerabilities in SNMP Message Processing
xf cisco-ios-snmp-udp-dos(15921)
Last major update 04-03-2009 - 00:22
Published 27-07-2004 - 00:00
Last modified 30-10-2018 - 12:26
Back to Top