Reported July 12, 2001, by Cisco Systems.
· All Cisco Systems products using the Internetwork Operating System (IOS) releases that allow the Point to Point Tunneling Protocol (PPTP)
A Denial of Service (DoS) vulnerability exists in Cisco’s IOS that can let a potential attacker crash the router by sending a malformed or crafted PPTP packet to port 1723. Although the router will crash after receiving just one packet, the attacker can cause the DOS by repeatedly sending packets.
Cisco has issued a notice regarding this vulnerability. A workaround is to disable PPTP on the router. This vulnerability doesn't affect routers with PPTP disabled (as is the default). The company recommends that users obtain a firmware upgrade through the Software Center on Cisco's Web site or through Cisco's distribution channels.
Discovered by Cisco Systems.