Vulnerability Note VU#656315
Cisco IOS vulnerable to DoS via crafted PPTP packet sent to port 1723/tcp
Overview
Cisco IOS contains a vulnerability that allows an intruder to crash the router.
Description
By sending a specially crafted PPTP packet to port 1723, an intruder can crash a device running a vulnerable version of IOS. Quoting from the Cisco Advisory: By sending a crafted PPTP packet to a port 1723, a control PPTP port, it is possible to crash the router. This vulnerability does not require special router configuration. Enabling PPTP is sufficient to expose the vulnerability. The router will crash after it receives a single packet. |
Impact
An intruder can cause a vulnerable router to crash. |
Solution
Upgrade to a later version of IOS as documented in the Cisco Advisory. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Cisco Systems Inc. | Affected | - | 29 Jul 2001 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.cisco.com/warp/public/707/PPTP-vulnerability-pub.html
- http://www.securityfocus.com/bid/3022
Credit
Thanks to Cisco for the information contained in their advisory, upon which this document is based.
This document was written by Shawn V. Hernan.
Other Information
- CVE IDs: CVE-2001-1183
- Date Public: 12 Jul 2001
- Date First Published: 29 Jul 2001
- Date Last Updated: 23 Feb 2004
- Severity Metric: 20.79
- Document Revision: 5
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.