Description
Cisco DSL CPE devices running CBOS 2.4.4 and earlier allow remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to the CPE, which causes the TCP/IP stack to consume large amounts of memory.
Affected products
- Cisco / cbos2.0.1 – 2.0.1
- Cisco / cbos2.1.0 – 2.1.0
- Cisco / cbos2.1.0a – 2.1.0a
- Cisco / cbos2.2.0 – 2.2.0
- Cisco / cbos2.2.1 – 2.2.1
- Cisco / cbos2.2.1a – 2.2.1a
- Cisco / cbos2.3 – 2.3
- Cisco / cbos2.3.2 – 2.3.2
- Cisco / cbos2.3.5 – 2.3.5
- Cisco / cbos2.3.5.015 – 2.3.5.015
- Cisco / cbos2.3.7 – 2.3.7
- Cisco / cbos2.3.7.002 – 2.3.7.002
- Cisco / cbos2.3.8 – 2.3.8
- Cisco / cbos2.3.9 – 2.3.9
- Cisco / cbos2.3_.053 – 2.3_.053
- Cisco / cbos2.4.1 – 2.4.1
- Cisco / cbos2.4.2 – 2.4.2
- Cisco / cbos2.4.2ap – 2.4.2ap
- Cisco / cbos2.4.2b – 2.4.2b
- Cisco / cbos2.4.3 – 2.4.3
- Cisco / cbos2.4.4 – 2.4.4
References
- VENDOR_ADVISORY: http://www.cisco.com/warp/public/707/CBOS-DoS.shtml
- MISC: http://www.securityfocus.com/bid/4813
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/9152
- MISC: http://www.securityfocus.com/bid/4814
- MISC: http://www.iss.net/security_center/static/9153.php
- MISC: http://www.iss.net/security_center/static/9151.php
- MISC: http://www.securityfocus.com/bid/4815