CVE-2009-0635

Name of the Vulnerable Software and Affected Versions Cisco IOS version 12.4

Description A memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets. This issue can be triggered by sending a series of TCP packets to Cisco IOS devices configured as Easy VPN servers with the cTCP encapsulation feature. Cisco has released software updates to address this issue. As an alternative, the IPSec NAT traversal (NAT-T) feature can be used.

Recommendations For Cisco IOS version 12.4, update to a version that includes the software updates released by Cisco to address this issue. As a temporary workaround, consider using the IPSec NAT traversal (NAT-T) feature as an alternative to the cTCP encapsulation feature until a patch is available.