CVE-2008-1150Uncontrolled Resource Consumption in Cisco IOS

CWE-3994 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.9%
top 24.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedMar 27
Latest updateMay 1

Description

The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios12.2

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-pr6f-qw3p-2x8q: The virtual private dial-up network (VPDN) component in Cisco IOS before 122022-05-01
CVEList
CVE-2008-1150: The virtual private dial-up network (VPDN) component in Cisco IOS before 122008-03-27

📋Vendor Advisories

1
Cisco
Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability2008-03-26
CVE-2008-1150 — Uncontrolled Resource Consumption | cvebase