Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0813Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
7.1HIGHNVD
EPSS
10.1%
top 6.91%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco IOS
Timeline
PublishedAug 12
Latest updateApr 30

Description

Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios11.1, 11.2, 11.3+2

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

1
GHSA
GHSA-g78g-q326-8w9f: Heap-based buffer overflow in the TFTP server capability in Cisco IOS 112022-04-30

💥Exploits & PoCs

1
Exploit-DB
Cisco IOS 11.x - TFTP Server Long File Name Buffer Overflow2002-07-26

📋Vendor Advisories

2
Cisco
TFTP Long Filename Vulnerability2002-07-30
Cisco
TFTP Long Filename Vulnerability
CVE-2002-0813 — Cisco IOS vulnerability | cvebase