This script is (C) 2010-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
Two vulnerabilities exist in the virtual private dial-up network (VPDN)
solution when Point-to-Point Tunneling Protocol (PPTP) is used in
certain Cisco IOS releases prior to 12.3. PPTP is only one of the
supported tunneling protocols used to tunnel PPP frames within the VPDN
The first vulnerability is a memory leak that occurs as a result of
PPTP session termination. The second vulnerability may consume all
interface descriptor blocks on the affected device because those
devices will not reuse virtual access interfaces. If these
vulnerabilities are repeatedly exploited, the memory and/or interface
resources of the attacked device may be depleted.
Cisco has made free software available to address these vulnerabilities
for affected customers.
There are no workarounds available to mitigate the effects of these
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.9
Public Exploit Available : true
Nessus Plugin ID: 49013 (cisco-sa-20080326-pptphttp.nasl)
Bugtraq ID: 28460
CVE ID: CVE-2008-1150CVE-2008-1151
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.