CVE-2001-0754 in CBOSinfo

Summary

by MITRE

Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 06/17/2019

Cisco CBOS versions 2.3.8 and earlier contain a critical vulnerability that enables remote attackers to induce a denial of service condition through carefully crafted ICMP ECHO REPLY packets. This vulnerability resides in the router's handling of ICMP traffic and represents a fundamental flaw in the system's packet processing logic that can be exploited without authentication. The flaw specifically affects the ROMMON monitoring environment, which is a critical bootstrap component of Cisco routers designed for system recovery and diagnostics. When an attacker sends a sequence of large ICMP ECHO REPLY packets to a vulnerable device, the system's memory management and packet parsing mechanisms become overwhelmed, causing the router to transition into ROMMON mode where normal packet forwarding operations cease entirely. This behavior aligns with CWE-129, which addresses improper validation of input ranges, and demonstrates how insufficient bounds checking in network protocol handling can lead to system instability. The vulnerability operates at the network layer of the OSI model, specifically targeting the Internet Control Message Protocol implementation within the router's operating system. From an operational perspective, this issue represents a severe threat to network availability as it allows an attacker to completely disable network forwarding capabilities of affected routers, potentially causing widespread service disruption across connected networks. The impact extends beyond simple denial of service as the transition to ROMMON mode typically requires manual intervention to restore normal operations, including potential reconfiguration or firmware reinstallation. The vulnerability's exploitability is particularly concerning given that ICMP ECHO REPLY packets are commonly transmitted and often not filtered by network security devices, making it accessible to attackers with minimal network access requirements. This weakness directly maps to ATT&CK technique T1498, which describes denial of service attacks targeting network infrastructure, and represents a classic example of how protocol implementation flaws can be leveraged for system compromise. The affected Cisco CBOS versions demonstrate a lack of proper input sanitization and memory management controls, where the system fails to properly handle oversized ICMP packets that exceed normal network traffic parameters. Network administrators should consider implementing ingress filtering and ICMP rate limiting measures as temporary mitigations while planning for firmware upgrades to patched versions that address this fundamental flaw in the packet processing pipeline. The vulnerability highlights the importance of robust input validation in network operating systems and demonstrates how seemingly benign network protocols can be weaponized to compromise system stability and availability.

Disclosure

10/18/2001

Moderation

accepted

Entry

VDB-17517

CPE

ready

EPSS

0.01291

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!