CVE-2013-5481Improper Input Validation in Cisco IOS

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.5%
top 32.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedSep 27
Latest updateMay 17

Description

The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-gcwq-j7rq-m534: The PPTP implementation in Cisco IOS 122022-05-17
CVEList
CVE-2013-5481: The PPTP implementation in Cisco IOS 122013-09-27

📋Vendor Advisories

1
Cisco
Cisco IOS Software Network Address Translation Vulnerabilities2013-09-25
CVE-2013-5481 — Improper Input Validation in Cisco IOS | cvebase