Details of VAR-200108-0017

ID

VAR-200108-0017

CVE

CVE-2001-1064

TITLE

Cisco CBOS Multiple TCP Connection service denial vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200108-199

DESCRIPTION

Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets. CBOS is the Cisco Broadband Operating System, firmware designed for use on Cisco 600 series routers. It is maintained and distributed by Cisco Systems. CBOS becomes unstable when it receives multiple TCP connections on one of the two administrative ports; 21 via telnet, or 80 via HTTP. Upon receiving multiple connections on one of these two ports, the 600 series router becomes incapable of configuration, requiring reboot to resume normal operation. This problem affects the following Cisco 600 series routers: 627, 633, 673, 675, 675E, 677, 677i and 678

Trust: 1.26

sources: NVD: CVE-2001-1064 // BID: 3236 // VULHUB: VHN-3869

AFFECTED PRODUCTS

vendor:	cisco	model:	cbos	scope:	eq	version:	2.3.7	Trust: 1.9
vendor:	cisco	model:	cbos	scope:	eq	version:	2.3.5	Trust: 1.9
vendor:	cisco	model:	cbos	scope:	eq	version:	2.3.2	Trust: 1.9
vendor:	cisco	model:	cbos	scope:	eq	version:	2.3	Trust: 1.9
vendor:	cisco	model:	cbos	scope:	eq	version:	2.2.1	Trust: 1.9
vendor:	cisco	model:	cbos	scope:	eq	version:	2.0.1	Trust: 1.9
vendor:	cisco	model:	cbos	scope:	eq	version:	2.2.0	Trust: 1.6
vendor:	cisco	model:	cbos	scope:	eq	version:	2.1.0	Trust: 1.6
vendor:	cisco	model:	cbos	scope:	eq	version:	2.1.0a	Trust: 1.6
vendor:	cisco	model:	cbos	scope:	eq	version:	2.2.1a	Trust: 1.6
vendor:	cisco	model:	cbos	scope:	eq	version:	2.4.2	Trust: 1.3
vendor:	cisco	model:	cbos	scope:	eq	version:	2.4.1	Trust: 1.3
vendor:	cisco	model:	cbos	scope:	eq	version:	2.3.9	Trust: 1.3
vendor:	cisco	model:	cbos	scope:	eq	version:	2.3.8	Trust: 1.3
vendor:	cisco	model:	cbos	scope:	lte	version:	2.4.2ap	Trust: 1.0
vendor:	cisco	model:	cbos ap	scope:	eq	version:	2.4.2	Trust: 0.3
vendor:	cisco	model:	cbos a	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	cisco	model:	cbos	scope:	eq	version:	2.2	Trust: 0.3
vendor:	cisco	model:	cbos a	scope:	eq	version:	2.1	Trust: 0.3
vendor:	cisco	model:	cbos	scope:	eq	version:	2.1	Trust: 0.3
vendor:	cisco	model:	cbos	scope:	ne	version:	2.4.3	Trust: 0.3
vendor:	cisco	model:	cbos b	scope:	ne	version:	2.4.2	Trust: 0.3

sources: BID: 3236 // CNNVD: CNNVD-200108-199 // NVD: CVE-2001-1064

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1064
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200108-199
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-3869
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-1064
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3869
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-3869 // CNNVD: CNNVD-200108-199 // NVD: CVE-2001-1064

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1064

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200108-199

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200108-199

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-3869

EXTERNAL IDS

db:	BID	id:	3236	Trust: 2.0
db:	NVD	id:	CVE-2001-1064	Trust: 2.0
db:	CNNVD	id:	CNNVD-200108-199	Trust: 0.7
db:	XF	id:	7025	Trust: 0.6
db:	XF	id:	7026	Trust: 0.6
db:	CISCO	id:	20010823 CBOS WEB-BASED CONFIGURATION UTILITY VULNERABILITY	Trust: 0.6
db:	EXPLOIT-DB	id:	21092	Trust: 0.1
db:	SEEBUG	id:	SSVID-74932	Trust: 0.1
db:	VULHUB	id:	VHN-3869	Trust: 0.1

sources: VULHUB: VHN-3869 // BID: 3236 // CNNVD: CNNVD-200108-199 // NVD: CVE-2001-1064

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml	Trust: 2.0
url:	http://www.securityfocus.com/bid/3236	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/7026	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/7025	Trust: 1.1
url:	http://xforce.iss.net/static/7026.php	Trust: 0.6
url:	http://xforce.iss.net/static/7025.php	Trust: 0.6

sources: VULHUB: VHN-3869 // BID: 3236 // CNNVD: CNNVD-200108-199 // NVD: CVE-2001-1064

CREDITS

This vulnerability was announced in a Cisco Security Advisory on August 23, 2001.

Trust: 0.9

sources: BID: 3236 // CNNVD: CNNVD-200108-199

SOURCES

db:	VULHUB	id:	VHN-3869
db:	BID	id:	3236
db:	CNNVD	id:	CNNVD-200108-199
db:	NVD	id:	CVE-2001-1064

LAST UPDATE DATE

2024-08-14T15:41:02.662000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-3869	date:	2017-12-19T00:00:00
db:	BID	id:	3236	date:	2009-07-11T07:56:00
db:	CNNVD	id:	CNNVD-200108-199	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-1064	date:	2017-12-19T02:29:32.067

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-3869	date:	2001-08-31T00:00:00
db:	BID	id:	3236	date:	2001-08-23T00:00:00
db:	CNNVD	id:	CNNVD-200108-199	date:	2001-08-31T00:00:00
db:	NVD	id:	CVE-2001-1064	date:	2001-08-31T04:00:00