ID CVE-2007-0199
Summary The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."
References
Vulnerable Configurations
  • Cisco IOS 11.0
    cpe:2.3:o:cisco:ios:11.0
  • Cisco IOS 12.4
    cpe:2.3:o:cisco:ios:12.4
CVSS
Base: 5.0 (as of 11-01-2007 - 13:28)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family CISCO
    NASL id CSCSF28840.NASL
    description The remote host is a CISCO router containing a version of IOS that is affected by a denial of service vulnerability. An attacker may exploit this flaw to crash the remote device.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 24019
    published 2007-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24019
    title Cisco IOS Data-link Switching (DLSw) Capabilities Exchange Remote DoS (CSCsf28840)
  • NASL family CISCO
    NASL id CISCO-SA-20070110-DLSWHTTP.NASL
    description A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device. There are workarounds available for this vulnerability, as detailed in the Workarounds section below.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 48994
    published 2010-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48994
    title DLSw Vulnerability - Cisco Systems
oval via4
accepted 2008-09-08T04:00:39.103-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."
family ios
id oval:org.mitre.oval:def:5714
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco IOS 12.4 Malformed DLSw Message DoS Vulnerability
version 3
refmap via4
bid 21990
cisco 20070110 DLSw Vulnerability
osvdb 32683
sectrack 1017498
secunia 23697
vupen ADV-2007-0139
Last major update 07-03-2011 - 21:48
Published 11-01-2007 - 06:28
Last modified 10-10-2017 - 21:31
Back to Top