Details of VAR-200505-0196

ID

VAR-200505-0196

CVE

CVE-2005-0597

TITLE

Cisco ACNS RealServer RealSubscruber vulnerable to DoS via malformed IP packets

Trust: 0.8

sources: CERT/CC: VU#579240

DESCRIPTION

Cisco devices running Application and Content Networking System (ACNS) 5.0 before 5.0.17.6 and 5.1 before 5.1.11.6 allow remote attackers to cause a denial of service (process restart) via a "crafted TCP connection.". This issue is due to a failure of the affected software to properly handle malformed network data. Specifically, multiple denial of service vulnerabilities and a single default administrator password issues were reported. The default password issue may allow an unauthorized user to gain administrator access to an affected device

Trust: 2.7

sources: NVD: CVE-2005-0597 // CERT/CC: VU#579240 // CERT/CC: VU#360296 // BID: 12648 // VULHUB: VHN-11806

AFFECTED PRODUCTS

vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	cisco	model:	application and content networking software	scope:	lt	version:	5.1.11.6	Trust: 1.0
vendor:	cisco	model:	application and content networking software	scope:	lt	version:	5.0.17.6	Trust: 1.0
vendor:	cisco	model:	application and content networking software	scope:	gte	version:	5.1	Trust: 1.0
vendor:	cisco	model:	application and content networking software	scope:	gte	version:	5.0	Trust: 1.0
vendor:	cisco	model:	application & content networking software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	5.0.3	Trust: 0.6
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	5.0	Trust: 0.6
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	5.0.1	Trust: 0.6
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	5.0.17.5	Trust: 0.6
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	5.0.5	Trust: 0.6
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	5.1.11.5	Trust: 0.6
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	5.1	Trust: 0.6
vendor:	cisco	model:	content router	scope:	eq	version:	4450	Trust: 0.3
vendor:	cisco	model:	content router	scope:	eq	version:	44304.1	Trust: 0.3
vendor:	cisco	model:	content router	scope:	eq	version:	44304.0	Trust: 0.3
vendor:	cisco	model:	content router	scope:	eq	version:	4430	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	3800	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	3700	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	3600	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	2800	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	2600	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	7325	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73204.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73204.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73203.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73202.2.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	7320	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5904.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5904.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5903.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5902.2.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	590	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	565	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5604.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5604.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5603.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5602.2.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	560	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	510	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5074.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5074.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5073.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5072.2.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	507	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	4670	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46504.1	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46504.0	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	4650	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46304.1	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46304.0	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	4630	Trust: 0.3
vendor:	cisco	model:	content delivery manager	scope:	eq	version:	4650	Trust: 0.3
vendor:	cisco	model:	content delivery manager	scope:	eq	version:	4630	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.2.3.9	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.2	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.1.13.7	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.1.11.6	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.1	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0.17.6	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.2.11	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	ne	version:	5.2.3.9	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	ne	version:	5.2.1.7	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	ne	version:	5.1.13.7	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	ne	version:	5.1.11.6	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	ne	version:	5.0.17.6	Trust: 0.3

sources: CERT/CC: VU#579240 // CERT/CC: VU#360296 // BID: 12648 // CNNVD: CNNVD-200505-354 // NVD: CVE-2005-0597

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-0597
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#579240
value:	3.47
Trust: 0.8
CARNEGIE MELLON:	VU#360296
value:	3.47
Trust: 0.8
CNNVD:	CNNVD-200505-354
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-11806
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-0597
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-11806
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#579240 // CERT/CC: VU#360296 // VULHUB: VHN-11806 // CNNVD: CNNVD-200505-354 // NVD: CVE-2005-0597

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0597

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-354

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200505-354

EXTERNAL IDS

db:	SECUNIA	id:	14395	Trust: 3.3
db:	BID	id:	12648	Trust: 2.8
db:	NVD	id:	CVE-2005-0597	Trust: 2.0
db:	SECTRACK	id:	1013286	Trust: 1.6
db:	XF	id:	19469	Trust: 0.8
db:	OSVDB	id:	14122	Trust: 0.8
db:	CERT/CC	id:	VU#579240	Trust: 0.8
db:	XF	id:	19468	Trust: 0.8
db:	OSVDB	id:	14121	Trust: 0.8
db:	CERT/CC	id:	VU#360296	Trust: 0.8
db:	CNNVD	id:	CNNVD-200505-354	Trust: 0.7
db:	CISCO	id:	20050224 ACNS DENIAL OF SERVICE AND DEFAULT ADMIN PASSWORD VULNERABILITIES	Trust: 0.6
db:	XF	id:	19466	Trust: 0.6
db:	VULHUB	id:	VHN-11806	Trust: 0.1

sources: CERT/CC: VU#579240 // CERT/CC: VU#360296 // VULHUB: VHN-11806 // BID: 12648 // CNNVD: CNNVD-200505-354 // NVD: CVE-2005-0597

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20050224-acnsdos.shtml	Trust: 3.3
url:	http://secunia.com/advisories/14395	Trust: 2.5
url:	http://www.securityfocus.com/bid/12648	Trust: 1.7
url:	http://securitytracker.com/alerts/2005/feb/1013286.html	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/19466	Trust: 1.1
url:	http://www.cisco.com/univercd/cc/td/doc/product/webscale/uce/acns51/deploy51/51stream.htm#wp1039106	Trust: 0.8
url:	http://secunia.com/advisories/14395/	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/19469	Trust: 0.8
url:	http://osvdb.org/displayvuln.php?osvdb_id=14122	Trust: 0.8
url:	http://www.securityfocus.com/bid/12648	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/19468	Trust: 0.8
url:	http://www.osvdb.org/displayvuln.php?osvdb_id=14121	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/19466	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/conntsw/ps491/	Trust: 0.3
url:	/archive/1/391426	Trust: 0.3

sources: CERT/CC: VU#579240 // CERT/CC: VU#360296 // VULHUB: VHN-11806 // BID: 12648 // CNNVD: CNNVD-200505-354 // NVD: CVE-2005-0597

CREDITS

Cisco

Trust: 0.6

sources: CNNVD: CNNVD-200505-354

SOURCES

db:	CERT/CC	id:	VU#579240
db:	CERT/CC	id:	VU#360296
db:	VULHUB	id:	VHN-11806
db:	BID	id:	12648
db:	CNNVD	id:	CNNVD-200505-354
db:	NVD	id:	CVE-2005-0597

LAST UPDATE DATE

2024-08-14T14:22:58.727000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#579240	date:	2005-03-10T00:00:00
db:	CERT/CC	id:	VU#360296	date:	2005-06-08T00:00:00
db:	VULHUB	id:	VHN-11806	date:	2018-09-26T00:00:00
db:	BID	id:	12648	date:	2015-03-19T08:21:00
db:	CNNVD	id:	CNNVD-200505-354	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-0597	date:	2018-09-26T15:32:56.850

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#579240	date:	2005-03-10T00:00:00
db:	CERT/CC	id:	VU#360296	date:	2005-06-08T00:00:00
db:	VULHUB	id:	VHN-11806	date:	2005-05-02T00:00:00
db:	BID	id:	12648	date:	2005-02-24T00:00:00
db:	CNNVD	id:	CNNVD-200505-354	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2005-0597	date:	2005-05-02T04:00:00