Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0380 — Improper Input Validation in Cisco IOS

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.1HIGHNVD

EPSS

85.1%

top 0.64%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cisco IOS

Timeline

PublishedApr 26

Latest updateApr 30

Description

The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/ios39 versions+38

🔴Vulnerability Details

GHSA

GHSA-g22v-2gp9-xpmh: The IOS HTTP service in Cisco routers and switches running IOS 11↗2022-04-30

▶

💥Exploits & PoCs

Exploit-DB

Cisco IOS 11.x/12.x - HTTP %%↗2000-04-26

▶

Metasploit

Cisco IOS HTTP GET /%% Request Denial of Service↗

▶