A vulnerability exists in the Data-Link Switching (DLSw) feature within Cisco IOS software where an invalid value in a DLSw capabilities exchange message may result in a crash of the affected device and repeated attempts to exploit this vulnerability could result in a sustained Denial of Service (DoS) condition.Devices running vulnerable IOS software affected by this vulnerability can be exploited remotely by an unauthenticated attacker. The threat vector used to exploit this vulnerability is through the Transmission Control Protocol (TCP) using ports TCP/2065 or TCP/2067 and requires the ability to establish a DLSw connection to the affected device. This vulnerability is not covered by a CVE ID.
This document contains information to assist Cisco customers in identifying and mitigating attempts to exploit the DLSw Vulnerability. The vulnerability described in this document affects devices running Cisco IOS software and having DLSwdlsw enabled
Vendors (Listed Alphabetically):
Advertising Info |
Contact Us |
Submit a White Paper