Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0567

CWE-20 — Improper Input Validation6 documents4 sources

Severity

7.8HIGH

EPSS

24.6%

top 3.87%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cisco IOS Cisco Optical Networking Systems Software

Timeline

PublishedAug 18

Latest updateApr 29

Description

Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDcisco/ios169 versions+168

▶NVDcisco/optical_networking_systems_software6 versions+5

Patches

Patch: www.cert.org ↗Patch: www.cert.org ↗Patch: www.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-c4c9-f467-hxxv: Cisco IOS 11↗2022-04-29

▶

CVEList

CVE-2003-0567: Cisco IOS 11↗2003-07-25

▶

💥Exploits & PoCs

Exploit-DB

Cisco IOS - using hping Remote Denial of Service↗2003-07-22

▶

Exploit-DB

Cisco IOS - 'cisco-bug-44020.c' IPv4 Packet Denial of Service↗2003-07-21

▶

Exploit-DB

Cisco IOS - IPv4 Packets Denial of Service↗2003-07-18

▶