{"vuid":"VU#245190","idnumber":"245190","name":"Cisco CatOS TCP ACK handling vulnerability","keywords":["Cisco","CatOS","TCP-ACK","DoS","denial of service"],"overview":"A vulnerability in Cisco CatOS may allow a remote attacker to cause a denial of service on an affected device.","clean_desc":"Cisco's CatOS is an operating system that runs on some Cisco Catalyst switch products. A vulnerability in the way that TCP services on CatOS handle malformed connection attempts may allow a remote attacker to cause a denial of service on an affected device. According to the Cisco advisory on this issue: A TCP-ACK DoS attack is conducted by not sending the regular final ACK required for a 3-way TCP handshake to complete, and instead sending an invalid response to move the connection to an invalid TCP state. This attack can be initiated from a remote spoofed source. Cisco states that any of the supported externally-facing TCP services supported on CatOS, i.e.,Telnet, SSH, or HTTP, may be used to exploit this vulnerability.","impact":"A remote attacker may cause the affected devices to stop functioning and reload.","resolution":"Apply a patch from the vendor Upgraded versions of the software that include fixes for this vulnerability are available. Please see the Cisco advisory for more details.","workarounds":"Workarounds In addition to patched versions of the affected software, Cisco has published several workarounds in their advisory. Sites, particularly those that are unable to apply the patches, are encouraged to consider implementing these workarounds.","sysaffected":"","thanks":"Thanks to Cisco Systems Product Security Incident Response Team for reporting this vulnerability.","author":"This document was written by Chad R Dougherty based on information provided by Cisco Systems.","public":["h","t","t","p",":","/","/","w","w","w",".","c","i","s","c","o",".","c","o","m","/","w","a","r","p","/","p","u","b","l","i","c","/","7","0","7","/","c","i","s","c","o","-","s","a","-","2","0","0","4","0","6","0","9","-","c","a","t","o","s",".","s","h","t","m","l"],"cveids":["CVE-2004-0551"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-06-09T17:43:50Z","publicdate":"2004-06-09T00:00:00Z","datefirstpublished":"2004-06-15T18:11:23Z","dateupdated":"2004-07-16T14:08:47Z","revision":18,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"8","cam_easeofexploitation":"8","cam_attackeraccessrequired":"15","cam_scorecurrent":"4.5","cam_scorecurrentwidelyknown":"5.4","cam_scorecurrentwidelyknownexploited":"9","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.5,"vulnote":null}