Executive Summary
Summary | |
---|---|
Title | Cisco IOS denial of service vulnerability |
Informations | |||
---|---|---|---|
Name | VU#936177 | First vendor Publication | 2008-03-26 |
Vendor | VU-CERT | Last vendor Modification | 2008-03-27 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#936177Cisco IOS denial of service vulnerabilityOverviewA vulnerability in the way Cisco IOS handles IPv6 packets could result in a remotely exploitable denial of service.I. DescriptionThe Cisco Internetwork Operating System (IOS) includes support for processing Internet Protocol version 6 (IPv6) packets.Per Cisco Advisory cisco-sa-20080326-IPv4IPv6:
II. ImpactA remote, unauthenticated attacker could cause a vulnerable system to crash or stop forwarding network traffic.III. SolutionUpgradeCisco has made updates available to address this issue.
References
Thanks to Cisco for information that was used in this report. This document was written by Ryan Giobbi.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/936177 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5860 | |||
Oval ID: | oval:org.mitre.oval:def:5860 | ||
Title: | Cisco IOS UDP for IPv4/IPv6 Unspecified Vulnerability | ||
Description: | Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-1153 | Version: | 1 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 | |
Os | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43797 | Cisco IOS Crafted IPv6 UDP Delivery Remote DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080326-IPv4IPv6http.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:08:17 |
|
2013-05-11 00:57:29 |
|