CVE-2009-2871

Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002.

Published: Sep 28, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-2871
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / ios	12.2xnd	12.2xnd.x
cisco / ios	12.4t	12.4t.x
cisco / ios	12.4xq	12.4xq.x
cisco / ios	12.4xj	12.4xj.x
cisco / ios	12.4mr	12.4mr.x
cisco / ios	12.2xna	12.2xna.x
cisco / ios	12.4xf	12.4xf.x
cisco / ios	12.4xv	12.4xv.x
cisco / ios	12.4xw	12.4xw.x
cisco / ios	12.4xz	12.4xz.x
cisco / ios	12.4xk	12.4xk.x
cisco / ios	12.4sw	12.4sw.x
cisco / ios	12.2xnb	12.2xnb.x
cisco / ios	12.4md	12.4md.x
cisco / ios	12.2xnc	12.2xnc.x
cisco / ios	12.4xy	12.4xy.x
cisco / ios	12.4xr	12.4xr.x

http://tools.cisco.com/security/center/viewAlert.x?alertId=18892
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af811c.shtml
http://www.securitytracker.com/id?1022930
http://www.vupen.com/english/advisories/2009/2759

Vulnerability Database

290,206

CVE-2009-2871