search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Cisco IOS Firewall Authentication Proxy vulnerable to buffer overflow via specially crafted user authentication credentials

Vulnerability Note VU#236045

Original Release Date: 2005-09-07 | Last Revised: 2005-09-09


A buffer overflow vulnerability in Cisco IOS Firewall Authentication Proxy may allow a remote unauthenticated attacker to execute arbitrary code or cause a denial of service.


Cisco IOS Firewall Authentication Proxy is a feature that allows network administrators to apply security policies on a per-user basis. The Firewall Authentication Proxy for FTP and Telnet Sessions feature for Cisco IOS provides proxy authentication for FTP and Telnet services.

Cisco IOS is vulnerable to a buffer overflow when processing user authentication credentials from an Authentication Proxy Telnet or FTP session. According to the Cisco Security Advisory, the following versions of Cisco IOS are affected:

    • 12.2ZH and 12.2ZL based trains
    • 12.3 based trains
    • 12.3T based trains
    • 12.4 based trains
    • 12.4T based trains


A remote unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition on an affected system.


Apply a patch or upgradePlease refer to the "Software Versions and Fixes" section of the Cisco Security Advisory for more information on upgrading.

Disable Cisco IOS Firewall Authentication Proxy feature for Telnet/FTP sessions

Disabling the Cisco IOS Firewall Authentication Proxy feature for Telnet/FTP sessions is reported to prevent exploitation of this vulnerability. Please see the "Workarounds" section of the Cisco Security Advisory.

Vendor Information

Affected   Unknown   Unaffected

Cisco Systems, Inc.

Notified:  September 07, 2005 Updated:  September 07, 2005



Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Please see the Cisco Security Advisory.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A



Thanks to Cisco Systems Product Security Incident Response Team for reporting this vulnerability.

This document was written by Will Dormann, based on the Cisco Security Advisory

Other Information

CVE IDs: None
Severity Metric: 21.87
Date Public: 2005-09-07
Date First Published: 2005-09-07
Date Last Updated: 2005-09-09 02:50 UTC
Document Revision: 12

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.