⚠ Actively exploited
Added to CISA KEV on 2023-05-19. Federal agencies required to patch by 2023-06-09. Required action: Apply updates per vendor instructions..

CVE-2004-1464Uncontrolled Resource Consumption in Cisco IOS

CWE-400Uncontrolled Resource ConsumptionCWE-3996 documents5 sources
Severity
5.9MEDIUMNVD
EPSS
2.1%
top 15.93%
CISA KEV
KEV
Added 2023-05-19
Due 2023-06-09
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Cisco IOSCisco Telnet
Timeline
PublishedDec 31
KEV addedMay 19
KEV dueJun 9
CISA Required Action: Apply updates per vendor instructions.

Description

Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

ciscocisco/telnet
NVDcisco/ios12.2\(15\)zj3

Patches

Patch: www.kb.cert.orgPatch: www.kb.cert.org

🔴Vulnerability Details

2
GHSA
GHSA-7757-mj68-c29v: Cisco IOS 122022-04-29
VulnCheck
Cisco IOS Denial-of-Service Vulnerability2004

📋Vendor Advisories

3
CISA
Cisco IOS Denial-of-Service Vulnerability2023-05-19
Cisco
Cisco Telnet Denial of Service Vulnerability2004-08-27
Cisco
Cisco Telnet Denial of Service Vulnerability
CVE-2004-1464 — Uncontrolled Resource Consumption | cvebase