Details of VAR-200212-0766

ID

VAR-200212-0766

CVE

CVE-2002-2239

TITLE

Cisco OSM Line Cards Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-159

DESCRIPTION

The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet. A vulnerability has been discovered in OSM Line Cards when installed in various Cisco devices. Cisco has reported that a denial of service may occur when processing an irregularly constructed network packet. Exploitation of this issue will cause the Cisco device to no longer forward legitimate packets. Precise technical details regarding this vulnerability are not yet known. This BID will be updated as further information becomes available. An issue in the Fiber Services module's handling of specially crafted or corrupted packets from the internal network could allow a remote attacker to exploit this vulnerability to conduct a denial of service attack. When some malformed data frames arrive at the interface, the packet forwarding engine specifies the line card (line card) to rewrite the data frame. By using this method, legitimate information can be overwritten, causing the interface to stop accepting and forwarding network communications. The BUG ID of this vulnerability is: CSCdy29717

Trust: 1.26

sources: NVD: CVE-2002-2239 // BID: 6358 // VULHUB: VHN-6622

AFFECTED PRODUCTS

vendor:	cisco	model:	ios 12.1 e	scope:	-	version:	-	Trust: 1.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.1e	Trust: 1.6
vendor:	cisco	model:	catalyst	scope:	eq	version:	6500	Trust: 0.3
vendor:	cisco	model:	-	scope:	eq	version:	7600	Trust: 0.3

sources: BID: 6358 // CNNVD: CNNVD-200212-159 // NVD: CVE-2002-2239

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-2239
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200212-159
value:	HIGH
Trust: 0.6
VULHUB:	VHN-6622
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-2239
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6622
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6622 // CNNVD: CNNVD-200212-159 // NVD: CVE-2002-2239

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.1

sources: VULHUB: VHN-6622 // NVD: CVE-2002-2239

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-159

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200212-159

EXTERNAL IDS

db:	BID	id:	6358	Trust: 2.0
db:	NVD	id:	CVE-2002-2239	Trust: 1.7
db:	CNNVD	id:	CNNVD-200212-159	Trust: 0.7
db:	NSFOCUS	id:	4032	Trust: 0.6
db:	XF	id:	10823	Trust: 0.6
db:	CISCO	id:	20021211 OSM LINE CARD HEADER CORRUPTION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-6622	Trust: 0.1

sources: VULHUB: VHN-6622 // BID: 6358 // CNNVD: CNNVD-200212-159 // NVD: CVE-2002-2239

REFERENCES

url:	http://www.cisco.com/warp/public/707/osm-lc-ios-pkt-vuln-pub.shtml	Trust: 2.0
url:	http://www.securityfocus.com/bid/6358	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/10823	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/10823	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/4032	Trust: 0.6

sources: VULHUB: VHN-6622 // BID: 6358 // CNNVD: CNNVD-200212-159 // NVD: CVE-2002-2239

CREDITS

Cisco Security Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200212-159

SOURCES

db:	VULHUB	id:	VHN-6622
db:	BID	id:	6358
db:	CNNVD	id:	CNNVD-200212-159
db:	NVD	id:	CVE-2002-2239

LAST UPDATE DATE

2024-08-14T13:40:32.336000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6622	date:	2017-07-29T00:00:00
db:	BID	id:	6358	date:	2002-12-11T00:00:00
db:	CNNVD	id:	CNNVD-200212-159	date:	2002-12-31T00:00:00
db:	NVD	id:	CVE-2002-2239	date:	2017-07-29T01:29:01.170

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6622	date:	2002-12-31T00:00:00
db:	BID	id:	6358	date:	2002-12-11T00:00:00
db:	CNNVD	id:	CNNVD-200212-159	date:	2002-12-31T00:00:00
db:	NVD	id:	CVE-2002-2239	date:	2002-12-31T05:00:00