Executive Summary

Title Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability
Name cisco-sa-20090923-ipsec First vendor Publication 2009-07-15
Vendor Cisco Last vendor Modification 2009-09-23
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Cisco IOS® devices that are configured for Internet Key Exchange (IKE) protocol and certificate based authentication are vulnerable to a resource exhaustion attack. Successful exploitation of this vulnerability may result in the allocation of all available Phase 1 security associations (SA) and prevent the establishment of new IPsec sessions.

Cisco has released free software updates that address this vulnerability.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml

CPE : Common Platform Enumeration

Os 40

Open Source Vulnerability Database (OSVDB)

Id Description
58336 Cisco IOS Internet Key Exchange (IKE) Phase 1 SA Exhaustion DoS

Nessus® Vulnerability Scanner

Date Description
2010-09-01 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20090923-ipsechttp.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2014-02-17 10:21:57
  • Multiple Updates