Cisco IOS PPTP Packet Remote DoS (Bug ID CSCdt46181)

Medium Nessus Network Monitor Plugin ID 2204

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

Point-to-Point Tunneling Protocol (PPTP) allows users to tunnel to an Internet Protocol (IP) network using a Point-to-Point Protocol (PPP). The protocol is described in RFC2637. PPTP implementation using Cisco IOS software releases contains a vulnerability that will crash a router if it receives a malformed or crafted PPTP packet. To expose this vulnerability, PPTP must be enabled on the router. PPTP is disabled by default. No additional special conditions are required. An attacker may use this issue to prevent a network from working properly. This vulnerability is documented as Cisco Bug ID CSCdt46181

Solution

http://www.cisco.com/warp/public/707/PPTP-vulnerability-pub.html

Plugin Details

Severity: Medium

ID: 2204

File Name: 2204.prm

Family: SNMP

Published: 2004/09/03

Modified: 2017/01/31

Nessus ID: 10979

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2001-1183

BID: 3022

OSVDB: 802