Denial of Service in Cisco IOS PPTP

A Denial of Service (DoS) vulnerability exists in Cisco’s IOS that can let a potential attacker crash the router by sending a malformed or crafted PPTP packet to port 1723.

Ken Pfeil

July 17, 2001

1 Min Read
ITPro Today logo in a gray background | ITPro Today

Reported July 12, 2001, by CiscoSystems.

VERSIONS AFFECTED

·        All Cisco Systems products using theInternetwork Operating System (IOS) releases that allow the Point to PointTunneling Protocol (PPTP)

 

DESCRIPTION
ADenial of Service (DoS) vulnerability exists in Cisco’s IOS that can let apotential attacker crash the router by sending a malformed or crafted PPTPpacket to port 1723. Although the router will crash after receiving just onepacket, the attacker can cause the DOS by repeatedly sending packets.

 

VENDOR RESPONSE

Ciscohas issued a noticeregarding this vulnerability. A workaround is to disable PPTP on the router.This vulnerability doesn't affect routers with PPTP disabled (as is thedefault). The company recommends that users obtain a firmware upgrade throughthe Software Center on Cisco's Web site orthrough Cisco's distribution channels.

 

CREDIT
Discovered by Cisco Systems.

 

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like