CVE-2008-1150
Published 2008-03-27
high · 7.1 · CVSS 3.1
AV:N/AC:M/Au:N/C:N/I:N/A:C
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios | <= 12.2 | — |
| cisco | ios_virtual_private_dial-up_network | — | — |
Cisco
Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability
vendor_cisco·2008-03-26·CVSS 7.1
CVE-2008-1150 [HIGH] CWE-399 Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability
Two vulnerabilities exist in the virtual private dial-up network (VPDN)
solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco
IOS releases prior to 12.3. PPTP is only one of the supported tunneling
protocols used to tunnel PPP frames within the VPDN solution.
The first vulnerability is a memory leak that occurs as a result of
PPTP session termination. The second vulnerability may consume all interface
descriptor blocks on the affected device because those devices will not reuse
virtual access interfaces. If these vulnerabilities are repeatedly exploited,
the memory and/or interface resources of the attacked device may be
depleted.
Cisco has made free software available to address these vu
GHSA
GHSA-pr6f-qw3p-2x8q: The virtual private dial-up network (VPDN) component in Cisco IOS before 12
ghsa_unreviewed·2022-05-01
CVE-2008-1150 [HIGH] GHSA-pr6f-qw3p-2x8q: The virtual private dial-up network (VPDN) component in Cisco IOS before 12
http://secunia.com/advisories/29507
http://securitytracker.com/id?1019714
http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml
http://www.securityfocus.com/bid/28460
http://www.us-cert.gov/cas/techalerts/TA08-087B.html
http://www.vupen.com/english/advisories/2008/1006/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41484
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5598