Cisco IOS PPTP Packet Remote DoS (Bug ID CSCdt46181)

medium Nessus Network Monitor Plugin ID 2204

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

Point-to-Point Tunneling Protocol (PPTP) allows users to tunnel to an Internet Protocol (IP) network using a Point-to-Point Protocol (PPP). The protocol is described in RFC2637. PPTP implementation using Cisco IOS software releases contains a vulnerability that will crash a router if it receives a malformed or crafted PPTP packet. To expose this vulnerability, PPTP must be enabled on the router. PPTP is disabled by default. No additional special conditions are required. An attacker may use this issue to prevent a network from working properly. This vulnerability is documented as Cisco Bug ID CSCdt46181

Solution

http://www.cisco.com/warp/public/707/PPTP-vulnerability-pub.html

Plugin Details

Severity: Medium

ID: 2204

Family: SNMP

Published: 9/3/2004

Updated: 3/6/2019

Nessus ID: 10979

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Reference Information

CVE: CVE-2001-1183

BID: 3022