|
Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the DLSw... |
|
Wednesday, 10 January 2007 |
A vulnerability exists in the Data-Link Switching (DLSw) feature within Cisco IOS software where an invalid value in a DLSw capabilities exchange message may result in a crash of the affected device and repeated attempts to exploit this vulnerability could result in a sustained Denial of Service (DoS) condition. Devices running vulnerable IOS software affected by this vulnerability can be exploited remotely by an unauthenticated attacker. The threat vector used to exploit this vulnerability is through the Transmission Control Protocol (TCP) using ports TCP/2065 or TCP/2067 and requires the ability to establish a DLSw connection to the affected device. This vulnerability is not covered by a CVE ID.![]() |
Whether you're in need of a simple file-sharing solution or a solution for a standard nation-wide remote access solution, we can determine the solution best meets your needs, and implement it.