CVE-2004-1111 : Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without

Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size.

Published 2005-01-10 05:00:00

Updated 2017-10-11 01:29:42

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2004-1111

Probability of exploitation activity in the next 30 days: 1.90%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2004-1111

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2004-1111

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5632
http://www.ciac.org/ciac/bulletins/p-034.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20041110-dhcp.shtml
https://exchange.xforce.ibmcloud.com/vulnerabilities/18021
http://www.kb.cert.org/vuls/id/630104

Third Party Advisory;US Government Resource
http://www.us-cert.gov/cas/techalerts/TA04-316A.html

US Government Resource

Products affected by CVE-2004-1111

Cisco » IOS » Version: 12.2(18)ew
cpe:2.3:o:cisco:ios:12.2\(18\)ew:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 12.2(18)ewa
cpe:2.3:o:cisco:ios:12.2\(18\)ewa:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 12.2(18)s
cpe:2.3:o:cisco:ios:12.2\(18\)s:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 12.2(18)se
cpe:2.3:o:cisco:ios:12.2\(18\)se:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 12.2(14)sz
cpe:2.3:o:cisco:ios:12.2\(14\)sz:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 12.2(20)ew
cpe:2.3:o:cisco:ios:12.2\(20\)ew:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 12.2(18)sv
cpe:2.3:o:cisco:ios:12.2\(18\)sv:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 12.2(18)sw
cpe:2.3:o:cisco:ios:12.2\(18\)sw:*:*:*:*:*:*:*
Matching versions
Cisco » 7200 Router
cpe:2.3:h:cisco:7200_router:*:*:*:*:*:*:*:*
Matching versions
Cisco » 7500 Router
cpe:2.3:h:cisco:7500_router:*:*:*:*:*:*:*:*
Matching versions
Cisco » Catalyst 7600 » Sup720 Msfc3 Edition
cpe:2.3:h:cisco:catalyst_7600:*:*:sup720_msfc3:*:*:*:*:*
Matching versions
Cisco » Multiservice Platform 2650
cpe:2.3:h:cisco:multiservice_platform_2650:*:*:*:*:*:*:*:*
Matching versions
Cisco » Multiservice Platform 2650xm
cpe:2.3:h:cisco:multiservice_platform_2650xm:*:*:*:*:*:*:*:*
Matching versions
Cisco » Multiservice Platform 2651
cpe:2.3:h:cisco:multiservice_platform_2651:*:*:*:*:*:*:*:*
Matching versions
Cisco » Multiservice Platform 2651xm
cpe:2.3:h:cisco:multiservice_platform_2651xm:*:*:*:*:*:*:*:*
Matching versions
Cisco » 7300 Router
cpe:2.3:h:cisco:7300_router:*:*:*:*:*:*:*:*
Matching versions
Cisco » 7600 Router
cpe:2.3:h:cisco:7600_router:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2004-1111

Exploit prediction scoring system (EPSS) score for CVE-2004-1111

CVSS scores for CVE-2004-1111

References for CVE-2004-1111

Products affected by CVE-2004-1111