Vulnerability Note VU#245190

Cisco CatOS TCP ACK handling vulnerability

Original Release date: 15 Jun 2004 | Last revised: 16 Jul 2004


A vulnerability in Cisco CatOS may allow a remote attacker to cause a denial of service on an affected device.


Cisco's CatOS is an operating system that runs on some Cisco Catalyst switch products. A vulnerability in the way that TCP services on CatOS handle malformed connection attempts may allow a remote attacker to cause a denial of service on an affected device. According to the Cisco advisory on this issue:

A TCP-ACK DoS attack is conducted by not sending the regular final ACK required for a 3-way TCP handshake to complete, and instead sending an invalid response to move the connection to an invalid TCP state. This attack can be initiated from a remote spoofed source.

Cisco states that any of the supported externally-facing TCP services supported on CatOS, i.e.,Telnet, SSH, or HTTP, may be used to exploit this vulnerability.


A remote attacker may cause the affected devices to stop functioning and reload.


Apply a patch from the vendor

Upgraded versions of the software that include fixes for this vulnerability are available. Please see the Cisco advisory for more details.


In addition to patched versions of the affected software, Cisco has published several workarounds in their advisory. Sites, particularly those that are unable to apply the patches, are encouraged to consider implementing these workarounds.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Cisco Systems Inc.Affected09 Jun 200409 Jun 2004
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



Thanks to Cisco Systems Product Security Incident Response Team for reporting this vulnerability.

This document was written by Chad R Dougherty based on information provided by Cisco Systems.

Other Information

  • CVE IDs: CAN-2004-0551
  • Date Public: 09 Jun 2004
  • Date First Published: 15 Jun 2004
  • Date Last Updated: 16 Jul 2004
  • Severity Metric: 4.50
  • Document Revision: 17


If you have feedback, comments, or additional information about this vulnerability, please send us email.