Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143.
2013-11-13T15:55:03.767
2025-04-11T00:51:21.963
Deferred
CVSSv2: 6.4 (MEDIUM)
AV:N/AC:L/Au:N/C:P/I:P/A:N
10.0
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | cisco | ios | ≤ 12.4\(24\)mdb14 | Yes |
| Operating System | cisco | ios | 12.4\(24\)md | Yes |
| Operating System | cisco | ios | 12.4\(24\)md1 | Yes |
| Operating System | cisco | ios | 12.4\(24\)md2 | Yes |
| Operating System | cisco | ios | 12.4\(24\)md3 | Yes |
| Operating System | cisco | ios | 12.4\(24\)md4 | Yes |
| Operating System | cisco | ios | 12.4\(24\)md5 | Yes |
| Operating System | cisco | ios | 12.4\(24\)md5a | Yes |
| Operating System | cisco | ios | 12.4\(24\)md6 | Yes |
| Operating System | cisco | ios | 12.4\(24\)md7 | Yes |
| Operating System | cisco | ios | 12.4\(24\)md8 | Yes |
| Operating System | cisco | ios | 12.4\(24\)md9 | Yes |
| Operating System | cisco | ios | 12.4\(24\)mda6 | Yes |
| Operating System | cisco | ios | 12.4\(24\)mda7 | Yes |
| Operating System | cisco | ios | 12.4\(24\)mda8 | Yes |
| Operating System | cisco | ios | 12.4\(24\)mda9 | Yes |
| Operating System | cisco | ios | 12.4\(24\)mda10 | Yes |
| Operating System | cisco | ios | 12.4\(24\)mda11 | Yes |
| Operating System | cisco | ios | 12.4\(24\)mda12 | Yes |
| Operating System | cisco | ios | 12.4\(24\)mda13 | Yes |
| Operating System | cisco | ios | 12.4\(24\)mdb10 | Yes |
| Operating System | cisco | ios | 12.4\(24\)mdb11 | Yes |
| Operating System | cisco | ios | 12.4\(24\)mdb12 | Yes |
| Operating System | cisco | ios | 12.4\(24\)mdb13 | Yes |
| Operating System | cisco | ios | 12.4mda12 | Yes |
| Hardware | cisco | content_services_gateway | - | Yes |