Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-2476 | First vendor Publication | 2008-10-03 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB). |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2476 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5670 | |||
| Oval ID: | oval:org.mitre.oval:def:5670 | ||
| Title: | HP-UX Running IPv6, Remote Denial of Service (DoS) and Unauthorized Access | ||
| Description: | The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB). | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-2476 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 | |
| Os | 2 | |
| Os | 1 | |
| Os | 1 | |
| Os | 2 | |
| Os | 5 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-05-05 | Name : HP-UX Update for IPv6 HPSBUX02407 File : nvt/gb_hp_ux_HPSBUX02407.nasl |
| 2008-10-03 | Name : FreeBSD Security Advisory (FreeBSD-SA-08:10.nd6.asc) File : nvt/freebsdsa_nd6.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 52494 | Apple Multiple Products IPv6 Neighbor Discovery Protocol Neighbor Solicitatio... |
| 49407 | NetBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing |
| 48989 | Juniper Multiple Products IPv6 Neighbor Discovery Protocol Neighbor Solicitat... |
| 48745 | Force10 FTOS Routers IPv6 Neighbor Discovery Protocol Neighbor Solicitation S... |
| 48744 | OpenBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing |
| 48702 | FreeBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2008-10-09 | IAVM : 2008-B-0070 - Multiple Vendors IPv6 Neighbor Discovery Protocol Spoofing Vulnerability Severity : Category II - VMSKEY : V0017557 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-01-28 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL9528.nasl - Type : ACT_GATHER_INFO |
| 2009-02-12 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_37897.nasl - Type : ACT_GATHER_INFO |
| 2009-02-12 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_37898.nasl - Type : ACT_GATHER_INFO |
| 2009-02-12 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_38680.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:13:22 |
|
| 2024-11-28 12:15:42 |
|
| 2024-08-02 12:09:14 |
|
| 2024-08-02 01:02:41 |
|
| 2024-02-02 01:08:48 |
|
| 2024-02-01 12:02:40 |
|
| 2023-09-05 12:08:12 |
|
| 2023-09-05 01:02:31 |
|
| 2023-09-02 12:08:18 |
|
| 2023-09-02 01:02:32 |
|
| 2023-08-12 12:09:44 |
|
| 2023-08-12 01:02:31 |
|
| 2023-08-11 12:08:22 |
|
| 2023-08-11 01:02:37 |
|
| 2023-08-06 12:08:00 |
|
| 2023-08-06 01:02:33 |
|
| 2023-08-04 12:08:06 |
|
| 2023-08-04 01:02:36 |
|
| 2023-07-14 12:08:04 |
|
| 2023-07-14 01:02:33 |
|
| 2023-03-29 01:09:08 |
|
| 2023-03-28 12:02:39 |
|
| 2022-10-11 12:07:10 |
|
| 2022-10-11 01:02:23 |
|
| 2021-05-04 12:07:33 |
|
| 2021-04-22 01:07:57 |
|
| 2020-05-24 01:04:31 |
|
| 2020-05-23 01:39:32 |
|
| 2020-05-23 00:21:45 |
|
| 2019-03-19 12:02:48 |
|
| 2017-09-29 09:23:34 |
|
| 2017-08-08 09:24:08 |
|
| 2016-04-26 17:28:51 |
|
| 2016-01-29 13:26:20 |
|
| 2014-02-17 10:45:14 |
|
| 2013-11-11 12:37:57 |
|
| 2013-05-11 00:18:20 |
|
| 2012-11-07 00:17:14 |
|
