Details of VAR-200502-0053

ID

VAR-200502-0053

CVE

CVE-2005-0598

TITLE

Cisco ACNS RealServer RealSubscruber vulnerable to DoS via malformed IP packets

Trust: 0.8

sources: CERT/CC: VU#579240

DESCRIPTION

The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allow remote attackers to cause a denial of service (CPU consumption) via malformed packets. This issue is due to a failure of the affected software to properly handle malformed network data. Specifically, multiple denial of service vulnerabilities and a single default administrator password issues were reported. The default password issue may allow an unauthorized user to gain administrator access to an affected device. ACNS is a Cisco digital media delivery solution that optimizes the delivery quality of video traffic from the data center to branch offices over the WAN

Trust: 2.7

sources: NVD: CVE-2005-0598 // CERT/CC: VU#579240 // CERT/CC: VU#360296 // BID: 12648 // VULHUB: VHN-11807

AFFECTED PRODUCTS

vendor:	cisco	model:	content delivery manager	scope:	eq	version:	4630	Trust: 1.9
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	5.0.3	Trust: 1.6
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	4.2.11	Trust: 1.6
vendor:	cisco	model:	content distribution manager 4650	scope:	eq	version:	4.1	Trust: 1.6
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	5.0	Trust: 1.6
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	5.0.1	Trust: 1.6
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	5.1	Trust: 1.6
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	5.0.5	Trust: 1.6
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	4.2.9	Trust: 1.6
vendor:	cisco	model:	content engine	scope:	eq	version:	7325	Trust: 1.3
vendor:	cisco	model:	content engine	scope:	eq	version:	7320	Trust: 1.3
vendor:	cisco	model:	content engine	scope:	eq	version:	590	Trust: 1.3
vendor:	cisco	model:	content engine	scope:	eq	version:	565	Trust: 1.3
vendor:	cisco	model:	content engine	scope:	eq	version:	560	Trust: 1.3
vendor:	cisco	model:	content engine	scope:	eq	version:	510	Trust: 1.3
vendor:	cisco	model:	content engine	scope:	eq	version:	507	Trust: 1.3
vendor:	cisco	model:	content delivery manager	scope:	eq	version:	4650	Trust: 1.3
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	4.2	Trust: 1.0
vendor:	cisco	model:	content router 4450	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	507_2.2_.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	7320_4.1	Trust: 1.0
vendor:	cisco	model:	content router 4430	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	4.1.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	560_4.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	590_3.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	507_4.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	7320_3.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	590_2.2_.0	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4670	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	590_4.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	560_2.2_.0	Trust: 1.0
vendor:	cisco	model:	content engine module for cisco router	scope:	eq	version:	2800_series	Trust: 1.0
vendor:	cisco	model:	content engine module for cisco router	scope:	eq	version:	3700_series	Trust: 1.0
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	\(acns\)	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4630	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	enterprise content delivery network software	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	7320_2.2_.0	Trust: 1.0
vendor:	cisco	model:	content engine module for cisco router	scope:	eq	version:	3800_series	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4630	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4650	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	content engine module for cisco router	scope:	eq	version:	2600_series	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	590_4.0	Trust: 1.0
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	4.1.3	Trust: 1.0
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	4.0.3	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	507_4.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	560_4.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	7320_4.0	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4650	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content engine module for cisco router	scope:	eq	version:	3600_series	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	507_3.1	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4630	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	enterprise content delivery network software	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	560_3.1	Trust: 1.0
vendor:	cisco	model:	application & content networking software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	content distribution manager 4670	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	content router	scope:	eq	version:	4450	Trust: 0.3
vendor:	cisco	model:	content router	scope:	eq	version:	44304.1	Trust: 0.3
vendor:	cisco	model:	content router	scope:	eq	version:	44304.0	Trust: 0.3
vendor:	cisco	model:	content router	scope:	eq	version:	4430	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	3800	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	3700	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	3600	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	2800	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	2600	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73204.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73204.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73203.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73202.2.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5904.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5904.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5903.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5902.2.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5604.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5604.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5603.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5602.2.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5074.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5074.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5073.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5072.2.0	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	4670	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46504.1	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46504.0	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	4650	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46304.1	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46304.0	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	4630	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.2.3.9	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.2	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.1.13.7	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.1.11.6	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.1	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0.17.6	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.2.11	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	ne	version:	5.2.3.9	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	ne	version:	5.2.1.7	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	ne	version:	5.1.13.7	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	ne	version:	5.1.11.6	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	ne	version:	5.0.17.6	Trust: 0.3

sources: CERT/CC: VU#579240 // CERT/CC: VU#360296 // BID: 12648 // CNNVD: CNNVD-200502-094 // NVD: CVE-2005-0598

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-0598
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#579240
value:	3.47
Trust: 0.8
CARNEGIE MELLON:	VU#360296
value:	3.47
Trust: 0.8
CNNVD:	CNNVD-200502-094
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-11807
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-0598
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-11807
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#579240 // CERT/CC: VU#360296 // VULHUB: VHN-11807 // CNNVD: CNNVD-200502-094 // NVD: CVE-2005-0598

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0598

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200502-094

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200502-094

EXTERNAL IDS

db:	SECUNIA	id:	14395	Trust: 3.3
db:	BID	id:	12648	Trust: 2.8
db:	CERT/CC	id:	VU#579240	Trust: 2.5
db:	NVD	id:	CVE-2005-0598	Trust: 2.0
db:	SECTRACK	id:	1013286	Trust: 1.6
db:	XF	id:	19469	Trust: 1.4
db:	OSVDB	id:	14122	Trust: 0.8
db:	XF	id:	19468	Trust: 0.8
db:	OSVDB	id:	14121	Trust: 0.8
db:	CERT/CC	id:	VU#360296	Trust: 0.8
db:	CNNVD	id:	CNNVD-200502-094	Trust: 0.7
db:	CISCO	id:	20050224 ACNS DENIAL OF SERVICE AND DEFAULT ADMIN PASSWORD VULNERABILITIES	Trust: 0.6
db:	VULHUB	id:	VHN-11807	Trust: 0.1

sources: CERT/CC: VU#579240 // CERT/CC: VU#360296 // VULHUB: VHN-11807 // BID: 12648 // CNNVD: CNNVD-200502-094 // NVD: CVE-2005-0598

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20050224-acnsdos.shtml	Trust: 3.3
url:	http://secunia.com/advisories/14395	Trust: 2.5
url:	http://www.securityfocus.com/bid/12648	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/579240	Trust: 1.7
url:	http://securitytracker.com/alerts/2005/feb/1013286.html	Trust: 1.6
url:	http://xforce.iss.net/xforce/xfdb/19469	Trust: 1.4
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/19469	Trust: 1.1
url:	http://www.cisco.com/univercd/cc/td/doc/product/webscale/uce/acns51/deploy51/51stream.htm#wp1039106	Trust: 0.8
url:	http://secunia.com/advisories/14395/	Trust: 0.8
url:	http://osvdb.org/displayvuln.php?osvdb_id=14122	Trust: 0.8
url:	http://www.securityfocus.com/bid/12648	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/19468	Trust: 0.8
url:	http://www.osvdb.org/displayvuln.php?osvdb_id=14121	Trust: 0.8
url:	http://www.cisco.com/en/us/products/sw/conntsw/ps491/	Trust: 0.3
url:	/archive/1/391426	Trust: 0.3

sources: CERT/CC: VU#579240 // CERT/CC: VU#360296 // VULHUB: VHN-11807 // BID: 12648 // CNNVD: CNNVD-200502-094 // NVD: CVE-2005-0598

CREDITS

Cisco

Trust: 0.6

sources: CNNVD: CNNVD-200502-094

SOURCES

db:	CERT/CC	id:	VU#579240
db:	CERT/CC	id:	VU#360296
db:	VULHUB	id:	VHN-11807
db:	BID	id:	12648
db:	CNNVD	id:	CNNVD-200502-094
db:	NVD	id:	CVE-2005-0598

LAST UPDATE DATE

2024-08-14T14:22:58.804000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#579240	date:	2005-03-10T00:00:00
db:	CERT/CC	id:	VU#360296	date:	2005-06-08T00:00:00
db:	VULHUB	id:	VHN-11807	date:	2018-10-30T00:00:00
db:	BID	id:	12648	date:	2015-03-19T08:21:00
db:	CNNVD	id:	CNNVD-200502-094	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-0598	date:	2018-10-30T16:25:18.480

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#579240	date:	2005-03-10T00:00:00
db:	CERT/CC	id:	VU#360296	date:	2005-06-08T00:00:00
db:	VULHUB	id:	VHN-11807	date:	2005-02-24T00:00:00
db:	BID	id:	12648	date:	2005-02-24T00:00:00
db:	CNNVD	id:	CNNVD-200502-094	date:	2005-02-24T00:00:00
db:	NVD	id:	CVE-2005-0598	date:	2005-02-24T05:00:00