Vulnerability Scanning Software Can Trigger Reload of Cisco IOS Configuration

Reported May 24, 2001, by Cisco Systems.


All Cisco products using the Internetwork Operating System (IOS), including (but not limited to):

  • 800, 1000, 1005, 1400, 1600, 1700, 2500, 2600, 3600, MC3810, 4000, 4500, 4700, 6200, 6400 NRP, and 6400 NSP series Cisco routers

  • ubr900 and ubr920 universal broadband routers

  • Catalyst 2900 ATM, 2900XL, 2948g, 3500XL, 4232, 4840g, and 5000 RSFC series switches

  • 5200, 5300, and 5800 series access servers

  • Catalyst 6000 MSM, 6000 Hybrid Mode, 6000 Native Mode, 6000 Supervisor Module, and Catalyst ATM Blade

  • RSM, 7000, 7010, 7100, 7200, ubr7200, 7500, 10000 ESR, and 12000 GSR series Cisco routers

  • DistributedDirector

  • Catalyst 8510CSR, 8510MSR, 8540CSR, and 8540MSR series switches

A vulnerability exists in Cisco’s IOS that can cause a configuration reload. Security scanning software making a TCP connection to ports 3100-3999, 5100-5999, 7100-7999, and 10100-10999 causes the router to unexpectedly reload at the next show running-config, write memory, or access the configuration file. An attacker can’t configure Cisco IOS software to support any services that might listen at these port addresses, or accept connections on those ports. However, connection attempts to these ports in the affected version can cause memory corruption, later leading to an unexpected reload.



Cisco has issued a notice regarding this vulnerability.


Discovered by Cisco.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.