search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Cisco CatOS TCP ACK handling vulnerability

Vulnerability Note VU#245190

Original Release Date: 2004-06-15 | Last Revised: 2004-07-16


A vulnerability in Cisco CatOS may allow a remote attacker to cause a denial of service on an affected device.


Cisco's CatOS is an operating system that runs on some Cisco Catalyst switch products. A vulnerability in the way that TCP services on CatOS handle malformed connection attempts may allow a remote attacker to cause a denial of service on an affected device. According to the Cisco advisory on this issue:

A TCP-ACK DoS attack is conducted by not sending the regular final ACK required for a 3-way TCP handshake to complete, and instead sending an invalid response to move the connection to an invalid TCP state. This attack can be initiated from a remote spoofed source.

Cisco states that any of the supported externally-facing TCP services supported on CatOS, i.e.,Telnet, SSH, or HTTP, may be used to exploit this vulnerability.


A remote attacker may cause the affected devices to stop functioning and reload.


Apply a patch from the vendor

Upgraded versions of the software that include fixes for this vulnerability are available. Please see the Cisco advisory for more details.


In addition to patched versions of the affected software, Cisco has published several workarounds in their advisory. Sites, particularly those that are unable to apply the patches, are encouraged to consider implementing these workarounds.

Vendor Information


Cisco Systems Inc. Affected

Notified:  June 09, 2004 Updated: June 09, 2004



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Cisco Systems, Inc. has published Cisco Security Advisory cisco-sa-20040609-catos in response to this issue. Users are encouraged to review this advisory and apply the updated software it refers to.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



Thanks to Cisco Systems Product Security Incident Response Team for reporting this vulnerability.

This document was written by Chad R Dougherty based on information provided by Cisco Systems.

Other Information

CVE IDs: CVE-2004-0551
Severity Metric: 4.50
Date Public: 2004-06-09
Date First Published: 2004-06-15
Date Last Updated: 2004-07-16 14:08 UTC
Document Revision: 18

Sponsored by CISA.