← back
CVE-2004-1464

CVE-2004-1464

CVSS 5.9 MEDIUMEPSS 5.1%● KEVCWE-400
Vexday Risk Score
43Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 5.9EPSS 5.1%KEV simPoC Nuclei Metasploit Patch referenciado
Lifecycle
13 Feb 2005Published on NVD
19 May 2023Active exploitation (CISA KEV)
Recommendation: Plan a near-term fix — a public PoC already exists.
In short

A flaw in Cisco IOS allows attackers to block legitimate users from connecting to network devices via Telnet by sending specially crafted network packets. This prevents administrators from managing the device remotely.

Technical detail

A resource exhaustion vulnerability in Cisco IOS 12.2(15) and earlier fails to properly handle malformed TCP connections to Telnet ports, causing VTY (virtual terminal) connection refusal. Remote unauthenticated attackers can trigger a denial of service condition affecting device management accessibility.

Summary generated and translated by AI from the official description.
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/12395/http://securitytracker.com/id?1011079https://exchange.xforce.ibmcloud.com/vulnerabilities/17131https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2004-1464http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtmlhttp://www.kb.cert.org/vuls/id/384230http://www.securityfocus.com/bid/11060