ID CVE-2007-0917
Summary The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
References
Vulnerable Configurations
  • Cisco IOS 12.3T
    cpe:2.3:o:cisco:ios:12.3t
  • Cisco IOS 12.3XQ
    cpe:2.3:o:cisco:ios:12.3xq
  • Cisco IOS 12.3XR
    cpe:2.3:o:cisco:ios:12.3xr
  • Cisco IOS 12.3XS
    cpe:2.3:o:cisco:ios:12.3xs
  • Cisco IOS 12.3XW
    cpe:2.3:o:cisco:ios:12.3xw
  • Cisco IOS 12.3XX
    cpe:2.3:o:cisco:ios:12.3xx
  • Cisco IOS 12.3XY
    cpe:2.3:o:cisco:ios:12.3xy
  • Cisco IOS 12.3YA
    cpe:2.3:o:cisco:ios:12.3ya
  • Cisco IOS 12.3YD
    cpe:2.3:o:cisco:ios:12.3yd
  • Cisco IOS 12.3YG
    cpe:2.3:o:cisco:ios:12.3yg
  • Cisco IOS 12.3YH
    cpe:2.3:o:cisco:ios:12.3yh
  • Cisco IOS 12.3YI
    cpe:2.3:o:cisco:ios:12.3yi
  • Cisco IOS 12.3YJ
    cpe:2.3:o:cisco:ios:12.3yj
  • Cisco IOS 12.3YK
    cpe:2.3:o:cisco:ios:12.3yk
  • Cisco IOS 12.3YM
    cpe:2.3:o:cisco:ios:12.3ym
  • Cisco IOS 12.3YQ
    cpe:2.3:o:cisco:ios:12.3yq
  • Cisco IOS 12.3YS
    cpe:2.3:o:cisco:ios:12.3ys
  • Cisco IOS 12.3YT
    cpe:2.3:o:cisco:ios:12.3yt
  • Cisco IOS 12.3YX
    cpe:2.3:o:cisco:ios:12.3yx
  • Cisco IOS 12.3YZ
    cpe:2.3:o:cisco:ios:12.3yz
  • Cisco IOS 12.4
    cpe:2.3:o:cisco:ios:12.4
  • Cisco IOS 12.4MR
    cpe:2.3:o:cisco:ios:12.4mr
  • Cisco IOS 12.4T
    cpe:2.3:o:cisco:ios:12.4t
  • Cisco IOS 12.4XA
    cpe:2.3:o:cisco:ios:12.4xa
  • Cisco IOS 12.4XB
    cpe:2.3:o:cisco:ios:12.4xb
CVSS
Base: 6.4 (as of 14-02-2007 - 16:11)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
nessus via4
  • NASL family CISCO
    NASL id CISCO-SA-20070213-IOSIPSHTTP.NASL
    description The Intrusion Prevention System (IPS) feature set of Cisco IOS contains several vulnerabilities. These include: - Fragmented IP packets may be used to evade signature inspection. (CVE-2007-0917) - IPS signatures utilizing the regular expression feature of the ATOMIC.TCP signature engine may cause a router to crash resulting in a denial of service. (CVE-2007-0918)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 49000
    published 2010-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49000
    title Multiple IOS IPS Vulnerabilities
  • NASL family CISCO
    NASL id CSCSG15598.NASL
    description The remote version of IOS contains an intrusion prevention system that is affected by a fragmented packet evasion vulnerability and a denial of service vulnerability. An attacker might use these flaws to disable this device remotely or to sneak past the IPS.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 24739
    published 2007-03-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24739
    title Cisco IOS Intrusion Prevention System (IPS) Multiple Vulnerabilities (CSCsa53334, CSCsg15598)
oval via4
accepted 2010-06-14T04:00:04.364-04:00
class vulnerability
contributors
  • name Yuzheng Zhou
    organization Hewlett-Packard
  • name KASHIF LATIF
    organization DTCC
description The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
family ios
id oval:org.mitre.oval:def:5858
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco IOS Fragmented Packet IPS Evasion Vulnerability
version 5
refmap via4
bid 22549
cisco 20070213 Multiple IOS IPS Vulnerabilities
misc http://www.cisco.com/en/US/products/products_security_response09186a00807e0a5e.html
osvdb 33052
sectrack 1017631
secunia 24142
vupen ADV-2007-0597
xf cisco-ios-ips-security-bypass(32473)
Last major update 07-03-2011 - 21:50
Published 13-02-2007 - 21:28
Last modified 10-10-2017 - 21:31
Back to Top