ID CVE-2008-1153
Summary Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.
References
Vulnerable Configurations
  • cpe:2.3:o:cisco:cisco_ios:12.3
    cpe:2.3:o:cisco:cisco_ios:12.3
  • cpe:2.3:o:cisco:cisco_ios:12.4
    cpe:2.3:o:cisco:cisco_ios:12.4
  • Cisco IOS 12.1
    cpe:2.3:o:cisco:ios:12.1
  • Cisco IOS 12.2
    cpe:2.3:o:cisco:ios:12.2
CVSS
Base: 7.1 (as of 27-03-2008 - 10:19)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
NASL family CISCO
NASL id CISCO-SA-20080326-IPV4IPV6HTTP.NASL
description A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected. Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.
last seen 2019-02-21
modified 2018-11-15
plugin id 49011
published 2010-09-01
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=49011
title Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers - Cisco Systems
oval via4
accepted 2008-09-08T04:00:55.428-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.
family ios
id oval:org.mitre.oval:def:5860
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco IOS UDP for IPv4/IPv6 Unspecified Vulnerability
version 3
refmap via4
bid 28461
cert TA08-087B
cert-vn VU#936177
cisco 20080326 Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers
sectrack 1019713
secunia 29507
vupen ADV-2008-1006
xf cisco-ios-ipv6-dualstack-dos(41475)
Last major update 07-03-2011 - 22:06
Published 27-03-2008 - 06:44
Last modified 28-09-2017 - 21:30
Back to Top