TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
942
in large networks. Cisco devices (Cisco IOS versions Cisco, IOS 11.1(x)-11.3(x) and 12.0(x)-12.2) are vulnerable to a
denial of service attack. a remote attacker could send a malformed BGP 1)open or 2)update message to the vulnerable
device to cause the device to reload. This signature detects for Unknown message type.
Signature ID: 35435
Cisco IOS Malformed BGP Packet Causes Reload Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0589 Bugtraq: 10560
Signature Description: Cisco IOS (Internetwork Operating System) is the software used on the Cisco System routers
and Cisco network switches. Border Gateway Protocol (BGP) is a routing protocol and designed to manage IP routing
in large networks. Cisco devices (Cisco IOS versions Cisco, IOS 11.1(x)-11.3(x) and 12.0(x)-12.2) are vulnerable to a
denial of service attack. a remote attacker could send a malformed BGP 1)open or 2)update message to the vulnerable
device to cause the device to reload. This signature detects for Invalid version.
Signature ID: 35436
Denial-of-Service of TCP-based Services in CatOS
Threat Level: Severe
Bugtraq: 8149
Signature Description: Cisco Catalyst (Cisco, Catalyst 4000, 5000, 6000 series) switches running Cisco Catalyst
Operating Software(Catos) are vulnerable to denial of service. By attempting to establish eight TCP connections using
a non-standard TCP flags combination "SF", a remote attacker can cause the stop responding to further TCP
connections to that particular service. The switch must be restarted in order for the TCP service to regain normal
functionality.
Signature ID: 35437
Cisco Aironet Telnet Service User Account Enumeration Weakness Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0512 Bugtraq: 8292
Signature Description: Cisco IOS (Internetwork Operating System) is the software used on the Cisco routers and
switches. IOS is a package of routing, switching, internetworking and telecommunication functions tightly integrated
with a multitasking operating system. Cisco IOS (Cisco, IOS 12.2(4)JA and Prior) are vulnerable to denial of service. If
a remote attacker attempt to login, if the account is not valid, the server will displays the message "%Login invalid". If
a remote attacker attempt to login with an existing account, a remote attacker to obtain sensitive information. A remote
attacker could use brute force techniques to determine valid accounts.
Signature ID: 35438
Cisco IOS VTY Authentication Bypass Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-4632
Bugtraq: 25482
Signature Description: Cisco IOS (Internetwork Operating System) is the software used on the Cisco routers and Cisco
switches. IOS is a package of routing, switching, internetworking and telecommunication functions tightly integrated
with a multitasking operating system. Cisco IOS (Cisco IOS version 12.2 and Cisco Catalyst 3750 version 12.2(25)) is
prone to a remote authentication-bypass vulnerability because the software fails to properly ensure that password
authentication is required. If Authentication,Authorization and Accounting (AAA) is disabled, the "no login"
configuration is automatically added to an existing configured VTY/CON/AUX port. The "no login" configuration
directive tells the device to not require password authentication for remote VTY access. A remote attacker could
exploit this vulnerability and log into equipment through telnet and obtain sensitive information and gain administrative
access to affected devices.