CVE-2004-1464
MEDIUM KEVCisco IOS < 12.2(15)zj3 - Denial of Service via Crafted TCP Connection to Telnet Port
Title source: llmExploitation Summary
CVE-2004-1464 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 19, 2023.
Description
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
References (7)
Core 7
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2004-1464
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17131
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1011079
Patch, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/384230
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12395/
Not Applicable, Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11060
Scores
CVSS v3
5.9
EPSS
0.0220
EPSS Percentile
84.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
partial
Details
CISA KEV
2023-05-19
VulnCheck KEV
2006-08-27
InTheWild.io
2023-05-19
ENISA EUVD
EUVD-2004-1458
CWE
CWE-400
Status
published
Products (1)
cisco/ios
< 12.2\(15\)zj3
Published
Dec 31, 2004
KEV Added
May 19, 2023
Tracked Since
Feb 18, 2026