Executive Summary
Summary | |
---|---|
Title | Cisco Updates for Multiple Vulnerabilities |
Information | |||
---|---|---|---|
Name | TA08-087B | First vendor Publication | 2007-03-27 |
Vendor | US-CERT | Last vendor Modification | 2007-03-27 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Cisco has released Cisco Security Advisory cisco-sa-20080326-bundle to correct multiple vulnerabilities affecting Cisco IOS. Attackers could exploit these vulnerabilities to access sensitive information or cause a denial of service.

I. Description

Cisco Security Advisory cisco-sa-20080326-bundle addresses a number of vulnerabilities affecting Cisco IOS 12.0, 12.1,

II. Impact

The impacts of these vulnerabilities vary. Potential consequences include disclosure of sensitive information and denial of service.

III. Solution

Upgrade

These vulnerabilities are addressed in Cisco Security Advisory cisco-sa-20080326-bundle.
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA08-087B.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
60 % | CWE-399 | Resource Management Errors |
20 % | CWE-200 | Information Exposure |
20 % | CWE-16 | Configuration |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5287 | |||
Oval ID: | oval:org.mitre.oval:def:5287 | ||
Title: | Cisco IOS Virtual Private Dial-up Network (VPDN) PPTP Session Termination Memory Leak Vulnerability | ||
Description: | Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-1151 | Version: | 1 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5598 | |||
Oval ID: | oval:org.mitre.oval:def:5598 | ||
Title: | Cisco IOS Virtual Private Dial-up Network (VPDN) Denial of Service (DoS) Vulnerability | ||
Description: | The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-1150 | Version: | 1 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5648 | |||
Oval ID: | oval:org.mitre.oval:def:5648 | ||
Title: | Cisco IOS Multicast Virtual Private Network Information Leakage Vulnerability | ||
Description: | Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-1156 | Version: | 1 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5821 | |||
Oval ID: | oval:org.mitre.oval:def:5821 | ||
Title: | Cisco IOS Data-link Switching (DLSw) Unspecified DoS Vulnerability | ||
Description: | The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-1152 | Version: | 1 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5860 | |||
Oval ID: | oval:org.mitre.oval:def:5860 | ||
Title: | Cisco IOS UDP for IPv4/IPv6 Unspecified Vulnerability | ||
Description: | Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-1153 | Version: | 1 |
Platform(s): | Cisco IOS | Product(s): | |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43798 | Cisco IOS Multicast Virtual Private Network (MVPN) Crafted MDT Data Join Mess... |
43797 | Cisco IOS Crafted IPv6 UDP Delivery Remote DoS |
43796 | Cisco IOS Data-link Switching (DLSw) UDP Packet Handling Unspecified Remote DoS |
43795 | Cisco IOS PPTP Session Termination Memory Exhaustion DoS |
43794 | Cisco IOS PPTP Session Termination Virtual Access Interface (IDB) Exhaustion DoS |
43789 | Cisco IOS OSPF / MPLS VPN Unspecified Remote DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080326-IPv4IPv6http.nasl - Type : ACT_GATHER_INFO |
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080326-dlswhttp.nasl - Type : ACT_GATHER_INFO |
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080326-mvpnhttp.nasl - Type : ACT_GATHER_INFO |
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080326-pptphttp.nasl - Type : ACT_GATHER_INFO |
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080326-queuehttp.nasl - Type : ACT_GATHER_INFO |