CVE-2003-0567

Cisco IOS 11.x and 12.0-12.2 - Denial of Service via IPv4 Packet Sequence

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2003-0567. PoCs published by zerash, Martin Kluge, l0cK.

AI-analyzed exploit summary This script is a remote DoS exploit for CVE-2003-0567, targeting Cisco IOS devices by sending malformed IP packets with protocol 53 (SWIPE) using hping. It requires root privileges or a setuid binary to open raw sockets.

Description

Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.

Exploits (3)

exploitdb WORKING POC VERIFIED
by zerash · doshardware
https://www.exploit-db.com/exploits/62

This script is a remote DoS exploit for CVE-2003-0567, targeting Cisco IOS devices by sending malformed IP packets with protocol 53 (SWIPE) using hping. It requires root privileges or a setuid binary to open raw sockets.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Cisco IOS (all versions)
No auth needed
Prerequisites: tcsh · hping · root privileges or setuid binary
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Martin Kluge · cdoshardware
https://www.exploit-db.com/exploits/60

This exploit targets a Cisco IOS vulnerability (CVE-2003-0567) by sending crafted IPv4 packets with specific protocols (53, 55, 77, 103) to fill the input queue, causing a denial of service (DoS). It uses raw sockets to construct and send packets with spoofed source IPs and adjustable TTL values.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Cisco IOS (versions affected by CVE-2003-0567)
No auth needed
Prerequisites: Raw socket permissions · Network access to the target router · Knowledge of hops to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by l0cK · cdoshardware
https://www.exploit-db.com/exploits/59

This exploit targets a denial-of-service vulnerability in Cisco IOS IPv4 packet processing by sending malformed IPv4 packets with specific TTL values. It uses the libnet library to craft and send packets with varying protocols and payloads to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Cisco IOS (specific versions affected by CVE-2003-0567)
No auth needed
Prerequisites: Target IP address · Correct TTL value to reach the target with TTL 0 or 1 · Network access to the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/411332
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5603
Exploit, Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2003-17.html
Vendor Advisory vendor-advisory x_refsource_cisco
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2003-15.html
Mailing List mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006743.html

Scores

EPSS 0.1658
EPSS Percentile 96.6%

Details

CWE
CWE-20
Status published
Products (50)
cisco/ios 11.0
cisco/ios 11.1
cisco/ios 11.1aa
cisco/ios 11.1ca
cisco/ios 11.1cc
cisco/ios 11.2
cisco/ios 11.2p
cisco/ios 11.2sa
cisco/ios 11.3
cisco/ios 11.3t
... and 40 more
Published Aug 18, 2003
Tracked Since Feb 18, 2026