Executive Summary
| Summary | |
|---|---|
| Title | Cisco IOS MPLS Forwarding Infrastructure Denial of Service Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20080924-mfi | First vendor Publication | 2008-07-25 |
| Vendor | Cisco | Last vendor Modification | 2008-09-24 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.1 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Cisco IOS Software Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) is vulnerable to a Denial of Service (DoS) attack from specially crafted packets. Only the MFI is affected by this vulnerability. Older Label Forwarding Information Base (LFIB) implementation, which is replaced by MFI, is not affected. Cisco has released free software updates that address this vulnerability. |
Original Source
| Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0 (...) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5619 | |||
| Oval ID: | oval:org.mitre.oval:def:5619 | ||
| Title: | Cisco IOS MPLS Forwarding Infrastructure Denial of Service Vulnerability | ||
| Description: | Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software path is used. | ||
| Family: | ios | Class: | vulnerability |
| Reference(s): | CVE-2008-3804 | Version: | 1 |
| Platform(s): | Cisco IOS | Product(s): | |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 2 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 48741 | Cisco IOS MFI Implementation MPLS Packet Handling Remote DoS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080924-mfihttp.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 10:21:54 |
|
