Executive Summary
Summary | |
---|---|
Title | Cisco IOS Information Leakage Using IPv6 Routing Header |
Informations | |||
---|---|---|---|
Name | cisco-sa-20070808-IOS-IPv6-leak | First vendor Publication | 2007-07-26 |
Vendor | Cisco | Last vendor Modification | 2007-08-09 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 8.5 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco IOS and Cisco IOS XR contain a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability can lead to information leakage on affected IOS and IOS XR devices, and may also result in a crash of the affected IOS device. Successful exploitation on an affected device running Cisco IOS XR will not result in a crash of the device itself, but may result in a crash of the IPv6 subsystem. |
Original Source
Url : http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-IPv6-leak.shtml |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5840 | |||
Oval ID: | oval:org.mitre.oval:def:5840 | ||
Title: | Cisco IOS 12.3 IPv6 Packet Processing Information Leakage Vulnerability | ||
Description: | Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2007-4285 | Version: | 1 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 4 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36666 | Cisco IOS Crafted IPv6 Routing Header Remote DoS |
36665 | Cisco IOS Crafted IPv6 Routing Header Remote Information Disclosure |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-12-14 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20070808-IOS-IPv6-leak-iosxr.nasl - Type : ACT_GATHER_INFO |
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20070808-IOS-IPv6-leak.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 10:21:51 |
|