Multiple Cisco Products TCP Flood Denial of Service Vulnerability

ID CISCO-SA-20150529-CVE-2015-0744
Type cisco
Reporter Cisco
Modified 2015-05-29T21:35:14


A vulnerability in the TCP module of multiple Cisco products could allow an unauthenticated, remote attacker to disable TCP ports and cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition.

The vulnerability is due to a lack of rate limiting in the TCP listener application. An attacker could exploit this vulnerability by sending a TCP SYN flood or DoS traffic stream to a targeted device. An exploit could allow the attacker to block TCP listening ports and exhaust system resources such as CPU and memory.

Cisco has confirmed the vulnerability; however, software updates are not available.

To exploit this vulnerability, an attacker may need access to trusted, internal networks to send a TCP SYN flood or DoS traffic stream to the affected device. This access requirement may reduce the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.