ID CVE-2008-1150
Summary The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309.
References
Vulnerable Configurations
  • Cisco IOS 12.2
    cpe:2.3:o:cisco:ios:12.2
CVSS
Base: 7.1 (as of 27-03-2008 - 20:30)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
NASL family CISCO
NASL id CISCO-SA-20080326-PPTPHTTP.NASL
description Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution. The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted. Cisco has made free software available to address these vulnerabilities for affected customers. There are no workarounds available to mitigate the effects of these vulnerabilities.
last seen 2019-02-21
modified 2018-11-15
plugin id 49013
published 2010-09-01
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=49013
title Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability - Cisco Systems
oval via4
accepted 2008-09-08T04:00:29.437-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309.
family ios
id oval:org.mitre.oval:def:5598
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco IOS Virtual Private Dial-up Network (VPDN) Denial of Service (DoS) Vulnerability
version 3
refmap via4
bid 28460
cert TA08-087B
cisco 20080326 Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability
sectrack 1019714
secunia 29507
vupen ADV-2008-1006
xf cisco-ios-vpdn-idb-dos(41484)
Last major update 07-03-2011 - 22:06
Published 27-03-2008 - 13:44
Last modified 28-09-2017 - 21:30
Back to Top