
UDP IP ID zero vulnerability in C2960x

palanisamy
Level 1

c2960x-universalk9-mz.150-2a.EX5 - current image

I am having a vulnerability issue titled UDP IP ID zero. Can anyone help me fix this?

9 Replies

Seb Rupik
VIP Alumni

Hi there,

Are you referring to this vulnerability:

https://nvd.nist.gov/vuln/detail/CVE-2002-0510

...if so, the ability to fingerprint the system isn't a major vulnerability.

cheers,

Seb.

Okay. How do I disable UDP IP ID zero in the CLI?

It is an artifact of the network stack used internally by IOS.

Searching the Cisco Security Advisories and Alerts page for that CVE gives no results:

https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&keyword=CVE-2002-0510&sort=-day_sir#~Vulnerabilities

...which suggests that Cisco didn't deem it a bug/vulnerability.

cheers,

Seb.

Any Cisco bug ID available?

There is a link to a PDF in the link Seb posted, which is a very interesting read...

The only bug I could find is the one below:

CVE-2002-0510 - ACE Linux vulnerable to UDP non-zero IP ID
CSCte37151

Description
Symptom:
ACE is vulnerable to CVE-2002-0510. Linux 2.4.x kernels keep the IP Identification field at 0 for all non-fragmented UDP packets.

Conditions:
This can occur when connection-less UDP sockets are used.

Workaround:
NONE

Customer Visible

Details
Last Modified: Jun 12, 2018
Status: Fixed
Severity: 3 Moderate
Product (1): Cisco ACE 4700 Series Application Control Engine Appliances
Support Cases: 3
Known Affected Releases (1): 3.0(0)A2(1.2)
Known Fixed Releases (1): 3.0(0)A4(1.0)
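An added example (not from this thread, Cisco, or the bug record above) showing how to verify such a scanner finding yourself: a small Python parser for the IPv4 header that reports the ID field of non-fragmented UDP datagrams. The packets are constructed inside the block, and the function and field names are my own.

```python
import struct

IP_FMT = "!BBHHHBBH4s4s"   # minimal IPv4 header (20 bytes, no options)
PROTO_UDP = 17

def build_ipv4_udp(ip_id, more_fragments=False, proto=PROTO_UDP, payload=b"\x00" * 4):
    """Constructed sample: IPv4 header + UDP header + payload (TEST-NET addresses)."""
    udp_len = 8 + len(payload)
    frag = 0x2000 if more_fragments else 0        # MF bit set -> fragment train
    ip_hdr = struct.pack(IP_FMT, 0x45, 0, 20 + udp_len, ip_id, frag, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp_hdr = struct.pack("!HHHH", 53, 53, udp_len, 0)
    return ip_hdr + udp_hdr + payload

def parse_ipv4(packet):
    """Return the header fields a scanner inspects when it reports 'UDP IP ID zero'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    (_, _, total_len, ip_id, frag, _, proto, _, src, dst) = struct.unpack(IP_FMT, packet[:20])
    return {
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "ip_id": ip_id,
        "proto": proto,
        "df": bool(frag & 0x4000),          # Don't Fragment
        "mf": bool(frag & 0x2000),          # More Fragments
        "frag_offset": frag & 0x1FFF,
        "header_len": (packet[0] & 0x0F) * 4,
    }

def zero_id_udp_report(packets):
    """Count non-fragmented UDP datagrams and how many of them carry IP ID 0.

    A host that answers every such datagram with ID 0 is what the CVE-2002-0510
    fingerprinting check relies on, so a high ratio confirms the scanner's finding
    rather than a false positive."""
    checked = zero = 0
    for pkt in packets:
        h = parse_ipv4(pkt)
        if h["proto"] != PROTO_UDP or h["mf"] or h["frag_offset"]:
            continue                        # TCP/ICMP and fragments are outside the finding
        checked += 1
        if h["ip_id"] == 0:
            zero += 1
    return {"checked": checked, "zero_id": zero}
```

Feed it the raw IPv4 packets from a capture of the scanner's UDP probes and replies; the returned counts tell you whether the device really answers with ID 0, which is the only question the CVE asks.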

Thanks for the update. Shall I use the no service udp-small-servers command?

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html - reference link

That command is enabled by default in IOS >12.0.

 

I don't believe issuing it will stop your vulnerability scan from picking it up. Let us know.

Yes. So what is the command to disable it?

Sorry, incorrect wording on my part: the command "no service udp-small-servers" is part of the default configuration on IOS >12.0.