Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5381Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
59.5%
top 1.74%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco IOS
Timeline
PublishedOct 12
Latest updateMay 1

Description

Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to the LPD from a source port other than 515.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDcisco/ios1429 versions+1428

🔴Vulnerability Details

2
GHSA
GHSA-7g8w-349p-fmqf: Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 122022-05-01
CVEList
CVE-2007-5381: Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 122007-10-12

💥Exploits & PoCs

1
Exploit-DB
Cisco IOS 12.3 - 'LPD' Remote Buffer Overflow2007-10-10
CVE-2007-5381 — Cisco IOS vulnerability | cvebase