Denial of Service in Cisco IOS PPTP
A Denial of Service (DoS) vulnerability exists in Cisco’s IOS that can let a potential attacker crash the router by sending a malformed or crafted PPTP packet to port 1723.
July 17, 2001
Reported July 12, 2001, by CiscoSystems.
VERSIONS AFFECTED
· All Cisco Systems products using theInternetwork Operating System (IOS) releases that allow the Point to PointTunneling Protocol (PPTP)
DESCRIPTION
ADenial of Service (DoS) vulnerability exists in Cisco’s IOS that can let apotential attacker crash the router by sending a malformed or crafted PPTPpacket to port 1723. Although the router will crash after receiving just onepacket, the attacker can cause the DOS by repeatedly sending packets.
VENDOR RESPONSE
Ciscohas issued a noticeregarding this vulnerability. A workaround is to disable PPTP on the router.This vulnerability doesn't affect routers with PPTP disabled (as is thedefault). The company recommends that users obtain a firmware upgrade throughthe Software Center on Cisco's Web site orthrough Cisco's distribution channels.
CREDIT
Discovered by Cisco Systems.
About the Author
You May Also Like