Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0984 — Cisco IOS vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

40.4%

top 2.64%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Timeline

PublishedDec 19

Latest updateApr 30

Description

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

▶NVDcisco/ios24 versions+23

GHSA

GHSA-fgvg-x8xj-8xq8: The HTTP server in Cisco IOS 12↗2022-04-30

▶

VulnCheck

Cisco IOS HTTP Server '?/' String Vulnerability↗2000

▶

Exploit-DB

Cisco IOS 12 - Software '?/' HTTP Request Denial of Service↗2000-10-25

▶