ID CVE-2007-4285
Summary Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header.
References
Vulnerable Configurations
  • Cisco IOS 12.0
    cpe:2.3:o:cisco:ios:12.0
  • Cisco IOS 12.1
    cpe:2.3:o:cisco:ios:12.1
  • Cisco IOS 12.2
    cpe:2.3:o:cisco:ios:12.2
  • Cisco IOS 12.3
    cpe:2.3:o:cisco:ios:12.3
CVSS
Base: 9.0 (as of 10-08-2007 - 10:46)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL COMPLETE
nessus via4
  • NASL family CISCO
    NASL id CISCO-SA-20070808-IOS-IPV6-LEAK.NASL
    description Cisco IOS and Cisco IOS XR contain a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability can lead to information leakage on affected IOS and IOS XR devices, and may also result in a crash of the affected IOS device. Successful exploitation on an affected device running Cisco IOS XR will not result in a crash of the device itself, but may result in a crash of the IPv6 subsystem. Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 49006
    published 2010-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49006
    title Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS XR - Cisco Systems
  • NASL family CISCO
    NASL id CISCO-SA-20070808-IOS-IPV6-LEAK-IOSXR.NASL
    description Cisco IOS XR contains a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability leads to information leakage on affected IOS and IOS XR devices, and can also result in a crash of the affected IOS device. Successful exploitation on an affected device running Cisco IOS XR will not result in a crash of the device itself, but may result in a crash of the IPv6 subsystem. Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 71432
    published 2013-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71432
    title Information Leakage Using IPv6 Routing Header in Cisco IOS XR (cisco-sa-20070808-IOS-IPv6-leak)
oval via4
accepted 2008-09-08T04:00:52.250-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header.
family ios
id oval:org.mitre.oval:def:5840
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco IOS 12.3 IPv6 Packet Processing Information Leakage Vulnerability
version 3
refmap via4
cisco 20070808 Cisco IOS Information Leakage Using IPv6 Routing Header
sectrack 1018542
secunia 26359
vupen ADV-2007-2819
xf cisco-ios-ipv6-header-dos(35906)
Last major update 07-03-2011 - 00:00
Published 09-08-2007 - 17:17
Last modified 28-09-2017 - 21:29
Back to Top