Cisco Content Switching Modules denial of service

cisco-content-switching-dos (36453) The risk level is classified as LowLow Risk

Description:

The Cisco Content Switching Modules (CSM) and Cisco Content Switching Module with SSL (CSM-S) are vulnerable to a denial of service. When service termination is enabled and the module is experiencing large volumes of activity, a remote attacker could exploit this vulnerability to cause the module to become unresponsive, resulting in a denial of service.

Platforms Affected:

  • Cisco, Content Switching Module 4.2
  • Cisco, Content Switching Module with SSL 2.1

Remedy:

Refer to cisco-sa-20070905-csm for patch, upgrade or suggested workaround information. See References.

Consequences:

Denial of Service

References:

  • cisco-sa-20070905-csm, Denial of Service Vulnerabilities in Content Switching Module at http://www.cisco.com/warp/public/707/cisco-sa-20070905-csm.shtml.
  • BID-25547: Cisco Content Switching Modules Multiple Remote Denial of Service Vulnerabilities
  • CVE-2007-4789: Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.6, when service termination is enabled, allow remote attackers to cause a denial of service (reboot) via unspecified vectors related to high network utilization, aka CSCsh57876.
  • SA26724: Cisco Catalyst Content Switching Modules Denial of Service Vulnerabilities
  • SECTRACK ID: 1018654: Cisco Content Switching Module TCP Packet and Service Termination Bugs Let Remote Users Deny Service
  • VUPEN/ADV-2007-3062: Cisco Content Switching Module Multiple Remote Denial of Serice Vulnerabilities

Reported:

Sep 05, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page