Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0244 — Improper Input Validation in Cisco IOS

CWE-20 — Improper Input Validation4 documents4 sources
Severity
4.7MEDIUMNVD
EPSS
1.2%
top 21.04%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco IOS
Timeline
PublishedNov 23
Latest updateApr 29

Description

Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet.

CVSS vector

AV:L/AC:M/C:N/I:N/A:CExploitability: 3.4 | Impact: 6.9

Affected Packages1 packages

â–¶NVDcisco/ios12.1e, 12.2sy, 12.2za+2

🔴Vulnerability Details

1
GHSA
GHSA-6wx2-xqp3-gggw: Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denia↗2022-04-29
â–¶

💥Exploits & PoCs

1
Exploit-DB
Cisco IOS 12 MSFC2 - Layer 2 Frame Denial of Service↗2004-02-03
â–¶
CVE-2004-0244 — Improper Input Validation in Cisco IOS | cvebase