ID

VAR-200004-0028


CVE

CVE-2000-0268


TITLE

Cisco IOS TELNET Environment Variable Handling Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200004-051

DESCRIPTION

Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot. Certain versions of Cisco's IOS software have a vulnerability in the Telnet Environment handling code. This attack can be launched repeatedly thereby effecting a Denial of Service attack. Cisco Internet Operating System (IOS) is an operating system used on CISCO routers. < *Link: http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml* >

Trust: 1.26

sources: NVD: CVE-2000-0268 // BID: 1123 // VULHUB: VHN-1847

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:11.3aa

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xf

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xc

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0\(4\)t

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0\(4\)s

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0\(4\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xg

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0\(3\)t2

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xd

Trust: 1.6

vendor:ciscomodel:7100 routerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(6\)

Trust: 1.0

vendor:ciscomodel:7200 routerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:3660 routerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:accesspathscope:eqversion:ts-3

Trust: 1.0

vendor:ciscomodel:as5800scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:system controller 3640scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:ubr7200scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(5\)

Trust: 1.0

vendor:ciscomodel:7500 routerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:accesspathscope:eqversion:ls-3

Trust: 1.0

vendor:ciscomodel:as5300scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:voice gateway as5800scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:as5200scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:accesspathscope:eqversion:vs-3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(7\)t

Trust: 1.0

vendor:ciscomodel:voice gateway as5800scope: - version: -

Trust: 0.3

vendor:ciscomodel:system controller sc3640scope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.7

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.6

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.5

Trust: 0.3

vendor:ciscomodel:ios tscope:eqversion:12.0.4

Trust: 0.3

vendor:ciscomodel:ios sscope:eqversion:12.0.4

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.4

Trust: 0.3

vendor:ciscomodel:ios t2scope:eqversion:12.0.3

Trust: 0.3

vendor:ciscomodel:ios xgscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios xfscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios xdscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios xcscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios 11.3aascope: - version: -

Trust: 0.3

vendor:ciscomodel:cable router ubr7200scope: - version: -

Trust: 0.3

vendor:ciscomodel:accesspath vs-3scope: - version: -

Trust: 0.3

vendor:ciscomodel:accesspath ts-3scope: - version: -

Trust: 0.3

vendor:ciscomodel:accesspath ls-3scope: - version: -

Trust: 0.3

vendor:ciscomodel:access server as5800scope: - version: -

Trust: 0.3

vendor:ciscomodel:access server as5300scope: - version: -

Trust: 0.3

vendor:ciscomodel:access server as5200scope: - version: -

Trust: 0.3

vendor:ciscomodel: - scope:eqversion:7500

Trust: 0.3

vendor:ciscomodel: - scope:eqversion:7200

Trust: 0.3

vendor:ciscomodel: - scope:eqversion:7100

Trust: 0.3

sources: BID: 1123 // CNNVD: CNNVD-200004-051 // NVD: CVE-2000-0268

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0268
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200004-051
value: MEDIUM

Trust: 0.6

VULHUB: VHN-1847
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2000-0268
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1847
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1847 // CNNVD: CNNVD-200004-051 // NVD: CVE-2000-0268

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0268

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200004-051

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200004-051

EXTERNAL IDS

db:BIDid:1123

Trust: 2.0

db:NVDid:CVE-2000-0268

Trust: 1.7

db:OSVDBid:1289

Trust: 1.7

db:CNNVDid:CNNVD-200004-051

Trust: 0.7

db:NSFOCUSid:460

Trust: 0.6

db:CISCOid:20000420 CISCO IOS SOFTWARE TELNET OPTION HANDLING VULNERABILITY

Trust: 0.6

db:VULHUBid:VHN-1847

Trust: 0.1

sources: VULHUB: VHN-1847 // BID: 1123 // CNNVD: CNNVD-200004-051 // NVD: CVE-2000-0268

REFERENCES

url:http://www.securityfocus.com/bid/1123

Trust: 2.7

url:http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml

Trust: 2.7

url:http://www.osvdb.org/1289

Trust: 2.7

url:http://www.nsfocus.net/vulndb/460

Trust: 0.6

url:http://www.cisco.com/warp/public/707/sec_incident_response.shtml

Trust: 0.3

url: -

Trust: 0.1

sources: VULHUB: VHN-1847 // BID: 1123 // CNNVD: CNNVD-200004-051 // NVD: CVE-2000-0268

CREDITS

This vulnerability was originally discovered with a version of CyberCop Scanner from Network Associates. The public release of this information was in a Cisco security advisory posted to the Bugtraq mailing list on April 19, 2000.

Trust: 0.3

sources: BID: 1123

SOURCES

db:VULHUBid:VHN-1847
db:BIDid:1123
db:CNNVDid:CNNVD-200004-051
db:NVDid:CVE-2000-0268

LAST UPDATE DATE

2024-11-22T23:05:58.466000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1847date:2008-09-10T00:00:00
db:BIDid:1123date:2000-04-20T00:00:00
db:CNNVDid:CNNVD-200004-051date:2006-08-28T00:00:00
db:NVDid:CVE-2000-0268date:2024-11-20T23:32:06.777

SOURCES RELEASE DATE

db:VULHUBid:VHN-1847date:2000-04-20T00:00:00
db:BIDid:1123date:2000-04-20T00:00:00
db:CNNVDid:CNNVD-200004-051date:2000-04-20T00:00:00
db:NVDid:CVE-2000-0268date:2000-04-20T04:00:00