ID CVE-2007-5651
Summary Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on Cisco switches allows remote attackers to cause a denial of service (device reload) via a crafted EAP Response Identity packet.
References
Vulnerable Configurations
  • Cisco CatOS 6.1
    cpe:2.3:o:cisco:catos:6.1
  • Cisco CatOS 6.2
    cpe:2.3:o:cisco:catos:6.2
  • Cisco CatOS 6.3
    cpe:2.3:o:cisco:catos:6.3
  • Cisco CatOS 6.4
    cpe:2.3:o:cisco:catos:6.4
  • Cisco CatOS 7.1
    cpe:2.3:o:cisco:catos:7.1
  • Cisco CatOS 7.2
    cpe:2.3:o:cisco:catos:7.2
  • Cisco CatOS 7.3
    cpe:2.3:o:cisco:catos:7.3
  • Cisco CatOS 7.4
    cpe:2.3:o:cisco:catos:7.4
  • Cisco CatOS 7.5
    cpe:2.3:o:cisco:catos:7.5
  • Cisco CatOS 7.6
    cpe:2.3:o:cisco:catos:7.6
  • Cisco CatOS 8.1
    cpe:2.3:o:cisco:catos:8.1
  • Cisco CatOS 8.2
    cpe:2.3:o:cisco:catos:8.2
  • Cisco CatOS 8.3
    cpe:2.3:o:cisco:catos:8.3
  • Cisco CatOS 8.4
    cpe:2.3:o:cisco:catos:8.4
  • Cisco CatOS 8.5
    cpe:2.3:o:cisco:catos:8.5
  • Cisco IOS 12.1
    cpe:2.3:o:cisco:ios:12.1
  • Cisco IOS 12.2
    cpe:2.3:o:cisco:ios:12.2
  • Cisco IOS 12.3JA
    cpe:2.3:o:cisco:ios:12.3ja
  • Cisco IOS 12.3JEA
    cpe:2.3:o:cisco:ios:12.3jea
  • Cisco IOS 12.3JEB
    cpe:2.3:o:cisco:ios:12.3jeb
  • Cisco IOS 12.3JEC
    cpe:2.3:o:cisco:ios:12.3jec
  • Cisco IOS 12.4JA
    cpe:2.3:o:cisco:ios:12.4ja
CVSS
Base: 7.1 (as of 24-10-2007 - 21:36)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: COMPLETE
nessus via4
NASL family CISCO
NASL id CISCO-SR-20071019-EAP.NASL
description The version of Cisco IOS running on the remote host has a denial of service vulnerability. The Extensible Authentication Protocol (EAP) implementation does not properly process EAP packets, which could cause the device to crash. A remote, unauthenticated attacker could exploit this to execute arbitrary code.
last seen 2019-02-21
modified 2018-11-15
plugin id 68991
published 2013-07-22
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=68991
title Cisco IOS Extensible Authentication Protocol Vulnerability (cisco-sr-20071019-eap)
oval via4
accepted 2008-09-08T04:00:20.684-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on Cisco switches allows remote attackers to cause a denial of service (device reload) via a crafted EAP Response Identity packet.
family ios
id oval:org.mitre.oval:def:5288
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco Extensible Authentication Protocol (EAP) Design Error Vulnerability
version 3
refmap via4
bid 26139
cisco 20071019 Extensible Authentication Protocol Vulnerability
sectrack 1018842
secunia 27329
vupen ADV-2007-3566
xf cisco-eap-dos(37300)
Last major update 07-03-2011 - 22:01
Published 23-10-2007 - 17:47
Last modified 28-09-2017 - 21:29