Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Multiple Cisco Products TCP Flood Denial of Service Vulnerability

Cisco-SA-20150529-CVE-2015-0744 · Medium · Published · Updated

A vulnerability in the TCP module of multiple Cisco products could allow an unauthenticated, remote attacker to disable TCP ports and cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of rate limiting in the TCP listener application. An attacker could exploit this vulnerability by sending a TCP SYN flood or DoS traffic stream to a targeted device. An exploit could allow the attacker to block TCP listening ports and exhaust system resources such as CPU and memory. Cisco has confirmed the vulnerability; however, software updates are not available. To exploit this vulnerability, an attacker may need access to trusted, internal networks to send a TCP SYN flood or DoS traffic stream to the affected device. This access requirement may reduce the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Administrators are advised to allow only trusted users to have network access.

Administrators can help protect affected systems from external attacks by using a solid firewall strategy.

Administrators
may consider using IP-based access control lists (ACLs) to allow only
trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEsCVE-2015-0744
Cisco Bug IDsCSCus50625, CSCus50642, CSCus50657, CSCus50662, CSCus68315
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:C
Product Names From Source
Cisco DTA Control System (DTACS), Cisco Headend System Releases, Headend System Releases

Related Products

Product CVE Evidence
Headend System Releases CVE-2015-0744 Cisco OpenVuln
Cisco Headend System Releases CVE-2015-0744 Cisco OpenVuln
Cisco DTA Control System (DTACS) CVE-2015-0744 Cisco OpenVuln