Executive Summary
| Summary | |
|---|---|
| Title | Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20080326-IPv4IPv6 | First vendor Publication | 2008-02-05 |
| Vendor | Cisco | Last vendor Modification | 2008-03-26 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.1 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected. Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability. |
Original Source
| Url : http://www.cisco.com/en/US/products/products_security_advisory09186a008096 (...) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5860 | |||
| Oval ID: | oval:org.mitre.oval:def:5860 | ||
| Title: | Cisco IOS UDP for IPv4/IPv6 Unspecified Vulnerability | ||
| Description: | Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. | ||
| Family: | ios | Class: | vulnerability |
| Reference(s): | CVE-2008-1153 | Version: | 1 |
| Platform(s): | Cisco IOS | Product(s): | |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 2 | |
| Os | 2 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 43797 | Cisco IOS Crafted IPv6 UDP Delivery Remote DoS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080326-IPv4IPv6http.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 10:21:52 |
|
