Vulnerabilities > CVE-2001-1183 - Denial of Service vulnerability in Cisco IOS Malformed PPTP Packet
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 13 |
Nessus
NASL family CISCO NASL id CSCDT46181.NASL description Point-to-Point Tunneling Protocol (PPTP) allows users to tunnel to an Internet Protocol (IP) network using a Point-to-Point Protocol (PPP). The protocol is described in RFC2637. PPTP implementation using Cisco IOS software releases contains a vulnerability that will crash a router if it receives a malformed or crafted PPTP packet. To expose this vulnerability, PPTP must be enabled on the router. PPTP is disabled by default. No additional special conditions are required. An attacker may use this issue to prevent your network from working properly. This vulnerability is documented as Cisco Bug ID CSCdt46181. last seen 2020-06-01 modified 2020-06-02 plugin id 10979 published 2002-06-05 reporter This script is (C) 2002-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10979 title Cisco IOS Malformed PPTP Packet Remote DoS (CSCdt46181) code # # (C) Tenable Network Security, Inc. # # Script audit and contributions from Carmichael Security # Erik Anderson <[email protected]> (nb: domain no longer exists) # Added BugtraqID and CVE # include("compat.inc"); if(description) { script_id(10979); script_version("1.21"); script_cve_id("CVE-2001-1183"); script_bugtraq_id(3022); script_name(english:"Cisco IOS Malformed PPTP Packet Remote DoS (CSCdt46181)"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch." ); script_set_attribute(attribute:"description", value: "Point-to-Point Tunneling Protocol (PPTP) allows users to tunnel to an Internet Protocol (IP) network using a Point-to-Point Protocol (PPP). The protocol is described in RFC2637. PPTP implementation using Cisco IOS software releases contains a vulnerability that will crash a router if it receives a malformed or crafted PPTP packet. To expose this vulnerability, PPTP must be enabled on the router. PPTP is disabled by default. No additional special conditions are required. An attacker may use this issue to prevent your network from working properly. This vulnerability is documented as Cisco Bug ID CSCdt46181." ); script_set_attribute(attribute:"solution", value: "http://www.nessus.org/u?1583fe45" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2002/06/05"); script_cvs_date("Date: 2018/06/27 18:42:25"); script_set_attribute(attribute:"vuln_publication_date", value: "2001/07/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value: "cpe:/o:cisco:ios"); script_end_attributes(); script_summary(english:"Uses SNMP to determine if a flaw is present"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is (C) 2002-2018 Tenable Network Security, Inc."); script_family(english:"CISCO"); script_dependencie("snmp_sysDesc.nasl", "snmp_cisco_type.nasl"); script_require_keys("SNMP/community", "SNMP/sysDesc", "CISCO/model"); exit(0); } # The code starts here ok=0; os = get_kb_item("SNMP/sysDesc"); if(!os)exit(0); hardware = get_kb_item("CISCO/model"); if(!hardware)exit(0); # Check for the required operating system... #---------------------------------------------------------------- # Is this IOS ? if(!egrep(pattern:".*(Internetwork Operating|IOS).*", string:os))exit(0); # 12.1E if(egrep(string:os, pattern:"(12\.1\([0-8]\)|12\.1)E[0-9]*,"))ok=1; # 12.1EZ if(egrep(string:os, pattern:"((12\.1\([0-5]\)|12\.1)EZ[0-9]*|12\.1\(6\)EZ[0-1]),"))ok=1; # 12.1T if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)T[0-9]*,"))ok=1; # 12.1XM if(egrep(string:os, pattern:"((12\.1\([0-4]\)|12\.1)XM[0-9]*|12\.1\(5\)XM[0-3]),"))ok=1; # 12.1XV if(egrep(string:os, pattern:"((12\.1\([0-4]\)|12\.1)XV[0-9]*|12\.1\(5\)XV[0-2]),"))ok=1; # 12.1YA if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)YA[0-9]*,"))ok=1; # 12.1YB if(egrep(string:os, pattern:"((12\.1\([0-4]\)|12\.1)YB[0-9]*|12\.1\(5\)YB[0-3]),"))ok=1; # 12.1YC if(egrep(string:os, pattern:"((12\.1\([0-4]\)|12\.1)YC[0-9]*|12\.1\(5\)YC[0-0]),"))ok=1; # 12.1YD if(egrep(string:os, pattern:"((12\.1\([0-4]\)|12\.1)YD[0-9]*|12\.1\(5\)YD[0-1]),"))ok=1; # 12.2 if(egrep(string:os, pattern:"(12\.2\([0-2]\)|12\.2),"))ok=1; # 12.2T if(egrep(string:os, pattern:"(12\.2\([0-3]\)|12\.2)T[0-9]*,"))ok=1; # 12.2XA if(egrep(string:os, pattern:"(12\.2\([0-1]\)|12\.2)XA[0-9]*,"))ok=1; # 12.2XD if(egrep(string:os, pattern:"((12\.2\([0-0]\)|12\.2)XD[0-9]*|12\.2\(1\)XD[0-0]),"))ok=1; # 12.2XE if(egrep(string:os, pattern:"(12\.2\([0-0]\)|12\.2)XE[0-9]*,"))ok=1; # 12.2XH if(egrep(string:os, pattern:"(12\.2\([0-0]\)|12\.2)XH[0-9]*,"))ok=1; # 12.2XQ if(egrep(string:os, pattern:"(12\.2\([0-0]\)|12\.2)XQ[0-9]*,"))ok=1; #---------------------------------------------- if(ok)security_warning(port:161, proto:"udp");NASL family CISCO NASL id CISCO-SA-20010712-PPTPHTTP.NASL description Point-to-Point Tunneling Protocol (PPTP) allows users to tunnel to an Internet Protocol (IP) network using a Point-to-Point Protocol (PPP). The protocol is described in RFC2637. PPTP implementation using Cisco IOS software releases contains a vulnerability that will crash a router if it receives a malformed or crafted PPTP packet. To expose this vulnerability, PPTP must be enabled on the router. PPTP is disabled by default. No additional special conditions are required. This vulnerability is present in all Cisco IOS releases that support PPTP. PPTP is supported in the following software releases: No other Cisco product is vulnerable. There is no workaround for this vulnerability. last seen 2019-10-28 modified 2010-09-01 plugin id 48958 published 2010-09-01 reporter This script is (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48958 title Cisco IOS PPTP Vulnerability - Cisco Systems code #TRUSTED a2c848e0ecf52185ad933a07ab37202bbd9bd9b4d71062fa732d08d53b9f70f130e23e0d0b4a17b27b73637fcccbc320b95c0e3be05f23fe0f98ae00934362e3ff5f778a82a8f52da13dc8d5b12a20137547c25074ef15d4b73418302b4a0870c8ae9c5a8b70d6dc48982ef9c6bab174ca157892ccba8ac6fdba43e0a2806416c95a5a77840fa9a69adddf8a4127ec261e9df2e2d33cd80327ca817cee5b41007c975bb2b2f05eae40cd47f4784f4a40c26ab1b031dbcfa011ae147663db1dad18863e5c396ce20c10bddac8c745e933d737908ac25bed7dcad101ee460c4b9a2e0071d92939e42add962e628a3af4f29f32545fd2badb93bdc1d111589775b98a5cc4c2c35335ca0f5b76515d80affe9d7b827f44e091284646c3c5f838070cd32c492c2df938c9f279ef02e0d9eba1242a1934c0ba3f490f7d7ecd0c8f751b2de28dc51e72fca3fc844c417699f543774e71b192da7577c3d9f8f9143b2b21f49cb351fdf889fe21ee81a192a723782a6bf4526336e03b465e3f3d04be80a80470280ab7caebfeea4b6c7db8f5dcfcc63160bc71641f4691387f92c9c43096f27d5381bdfe183e8ff55fb4a4a2b07a5c80c1a2664ffa84df8a333fb94b496ed7a41b8d8c09a712ceebdf3057e2e7209849a23e1897ff78dedaf135dbf8e8daef1ed1c34783b633e49c8a87a882658c3eb2e8300a874cb7728a448601a8cf4e # # (C) Tenable Network Security, Inc. # # Security advisory is (C) CISCO, Inc. # See https://www.cisco.com/en/US/products/products_security_advisory09186a00800b1695.shtml include("compat.inc"); if (description) { script_id(48958); script_version("1.17"); script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15"); script_cve_id("CVE-2001-1183"); script_bugtraq_id(3022); script_xref(name:"CERT", value:"656315"); script_xref(name:"CISCO-BUG-ID", value:"CSCdt46181"); script_xref(name:"CISCO-SA", value:"cisco-sa-20010712-pptp"); script_name(english:"Cisco IOS PPTP Vulnerability - Cisco Systems"); script_summary(english:"Checks IOS version"); script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "Point-to-Point Tunneling Protocol (PPTP) allows users to tunnel to an Internet Protocol (IP) network using a Point-to-Point Protocol (PPP). The protocol is described in RFC2637. PPTP implementation using Cisco IOS software releases contains a vulnerability that will crash a router if it receives a malformed or crafted PPTP packet. To expose this vulnerability, PPTP must be enabled on the router. PPTP is disabled by default. No additional special conditions are required. This vulnerability is present in all Cisco IOS releases that support PPTP. PPTP is supported in the following software releases: No other Cisco product is vulnerable. There is no workaround for this vulnerability."); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20010712-pptp script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e4797061"); # https://www.cisco.com/en/US/products/products_security_advisory09186a00800b1695.shtml script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b3a7dd2d"); script_set_attribute(attribute:"solution", value: "Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20010712-pptp."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2001/07/12"); script_set_attribute(attribute:"patch_publication_date", value:"2001/07/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is (C) 2010-2018 Tenable Network Security, Inc."); script_family(english:"CISCO"); script_dependencie("cisco_ios_version.nasl"); script_require_keys("Host/Cisco/IOS/Version"); exit(0); } include("audit.inc"); include("cisco_func.inc"); include("cisco_kb_cmd_func.inc"); flag = 0; report_extra = ""; version = get_kb_item_or_exit("Host/Cisco/IOS/Version"); override = 0; # Affected: 12.1E if (check_release(version: version, patched: make_list("12.1(7a)E1", "12.1(8a)E", "12.1(9)E"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.1EZ if (check_release(version: version, patched: make_list("12.1(6)EZ2") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.1T if (deprecated_version(version, "12.1T")) { report_extra = '\nUpdate to 12.2(3) or later\n'; flag++; } # Affected: 12.1XM if (check_release(version: version, patched: make_list("12.1(5)XM4") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.1XV if (check_release(version: version, patched: make_list("12.1(5)XV3") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.1YA if (deprecated_version(version, "12.1YA")) { report_extra = '\nUpdate to 12.2(2)XB or later\n'; flag++; } # Affected: 12.1YB if (check_release(version: version, patched: make_list("12.1(5)YB4") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.1YC if (check_release(version: version, patched: make_list("12.1(5)YC1") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.1YD if (check_release(version: version, patched: make_list("12.1(5)YD2") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2 if (check_release(version: version, patched: make_list("12.2(1.1)", "12.2(3)"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2T if (check_release(version: version, patched: make_list("12.2(4)T") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2XA if (check_release(version: version, patched: make_list("12.2(2)XA") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2XD if (check_release(version: version, patched: make_list("12.2(1)XD1") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2XE if (check_release(version: version, patched: make_list("12.2(1)XE") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2XH if (check_release(version: version, patched: make_list("12.2(1)XH") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2XQ if (check_release(version: version, patched: make_list("12.2(1)XQ") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } if (get_kb_item("Host/local_checks_enabled")) { if (flag) { flag = 0; buf = cisco_command_kb_item("Host/Cisco/Config/show_running-config", "show running-config"); if (check_cisco_result(buf)) { if (preg(pattern:"protocol\s+pptp", multiline:TRUE, string:buf)) { flag = 1; } } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; } } } if (flag) { security_warning(port:0, extra:report_extra + cisco_caveat(override)); exit(0); } else audit(AUDIT_HOST_NOT, "affected");