{"vuid":"VU#656315","idnumber":"656315","name":"Cisco IOS vulnerable to DoS via crafted PPTP packet sent to port 1723/tcp","keywords":["Cisco IOS","Point to Point Tunneling Protocol","PPTP packet","DoS","denial of service","port 1723","port 1723/tcp","CSCdt46181"],"overview":"Cisco IOS contains a vulnerability that allows an intruder to crash the router.","clean_desc":"By sending a specially crafted PPTP packet to port 1723, an intruder can crash a device running a vulnerable version of IOS. Quoting from the Cisco Advisory: By sending a crafted PPTP packet to a port 1723, a control PPTP port, it is possible to crash the router. This vulnerability does not require special router configuration. Enabling PPTP is sufficient to expose the vulnerability. The router will crash after it receives a single packet. For more information, see the Cisco Advisory.","impact":"An intruder can cause a vulnerable router to crash.","resolution":"Upgrade to a later version of IOS as documented in the Cisco Advisory.","workarounds":"","sysaffected":"","thanks":"Thanks to Cisco for the information contained in their advisory, upon which this document is based.","author":"This document was written by Shawn V. Hernan.","public":["http://www.cisco.com/warp/public/707/PPTP-vulnerability-pub.html","http://www.securityfocus.com/bid/3022"],"cveids":["CVE-2001-1183"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-07-12T15:36:18Z","publicdate":"2001-07-12T00:00:00Z","datefirstpublished":"2001-07-29T04:23:03Z","dateupdated":"2004-02-23T22:41:55Z","revision":5,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"18","cam_exploitation":"0","cam_internetinfrastructure":"15","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"14","cam_attackeraccessrequired":"20","cam_scorecurrent":"20.79","cam_scorecurrentwidelyknown":"22.05","cam_scorecurrentwidelyknownexploited":"34.65","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":20.79,"vulnote":null}