Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0647: Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS

3 documents, 3 sources
Severity
7.5 HIGH (NVD)
EPSS
12.4%
top 6.09%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Aug 27
Latest update: Apr 29

Description

Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: cisco/ios 12.2

Patches

🔴 Vulnerability Details

1
GHSA
GHSA-3ppp-h4gc-mww4: Buffer overflow in the HTTP server for Cisco IOS 12 (2022-04-29)

💥 Exploits & PoCs

1
Exploit-DB
Cisco IOS 12.x/11.x - HTTP Remote Integer Overflow (2003-08-10)