CVE-2004-1464
Published: 31 December 2004
Summary
CVE-2004-1464 is a medium-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Cisco IOS. Its CVSS base score is 5.9 (Medium).
Operationally, it ranks in the top 15.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-2 (Flaw Remediation).
Deeper analysis
Cisco IOS versions 12.2(15) and earlier are affected by a vulnerability that allows remote attackers to trigger a denial of service by opening a crafted TCP connection to the Telnet or reverse Telnet port, after which VTY (virtual terminal) connections are refused. The flaw is tracked as CWE-400 and assigned a CVSS 3.1 score of 5.9, reflecting a network attack vector, high attack complexity, and high impact to availability with no impact to confidentiality or integrity.
An unauthenticated attacker with network reachability can open a specially formed TCP session to the Telnet service and thereby exhaust connection resources, blocking subsequent legitimate administrative access via VTY lines.
Vendor and third-party advisories, including the Cisco security advisory published in August 2004, direct administrators to apply the corresponding IOS software updates that correct Telnet session handling and to restrict exposure of the service where possible through access controls.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2004-1458
Vulnerability details
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
- CWE(s)
- KEV Date Added: 19 May 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires applying the vendor IOS software updates that correct the Telnet session-handling flaw described in the CVE.
Enforces boundary controls that restrict network exposure of the Telnet/reverse-Telnet ports to only authorized addresses, blocking the unauthenticated crafted-TCP DoS vector.
Requires explicit authorization and control of remote CLI access methods such as Telnet, limiting the attack surface that the CVE exploits.