CVE-2004-1464
MEDIUM severity · CVSS 5.9 · Uncontrolled resource consumption · actively exploited (CISA KEV)
5.9CVSS MEDIUM ● exploited
🔴 Actively exploited in the wild (CISA Known Exploited Vulnerabilities).
Added to KEV 2023-05-19. US federal agencies must patch by 2023-06-09.
Summary
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
Impact & exploitability
Attack vectorNetwork
Attack complexityHigh
Privileges requiredNone
User interactionNone
Confidentiality impactNone
Integrity impactNone
Availability impactHigh
Exploit probability (EPSS)2%
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products we track (1)
Recommendation
This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.
Official patch: http://www.kb.cert.org/vuls/id/384230 ↗
Additional information
- NVD record
- http://www.kb.cert.org/vuls/id/384230Patch
- http://secunia.com/advisories/12395/Advisory
- http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtmlAdvisory
- http://secunia.com/advisories/12395/Advisory
- http://securitytracker.com/id?1011079Advisory
- http://www.securityfocus.com/bid/11060Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17131Advisory
- http://securitytracker.com/id?1011079Advisory