ID CVE-2008-1156
Summary Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message.
References
Vulnerable Configurations
  • cpe:2.3:o:cisco:cisco_ios:12.3
    cpe:2.3:o:cisco:cisco_ios:12.3
  • cpe:2.3:o:cisco:cisco_ios:12.4
    cpe:2.3:o:cisco:cisco_ios:12.4
  • Cisco IOS 12.0
    cpe:2.3:o:cisco:ios:12.0
  • Cisco IOS 12.2
    cpe:2.3:o:cisco:ios:12.2
CVSS
Base: 5.1 (as of 27-03-2008 - 10:26)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
NASL family CISCO
NASL id CISCO-SA-20080326-MVPNHTTP.NASL
description A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
last seen 2019-02-21
modified 2018-11-15
plugin id 49012
published 2010-09-01
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=49012
title Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak - Cisco Systems
oval via4
accepted 2008-09-08T04:00:32.289-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message.
family ios
id oval:org.mitre.oval:def:5648
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco IOS Multicast Virtual Private Network Information Leakage Vulnerability
version 3
refmap via4
bid 28464
cert TA08-087B
cisco 20080326 Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
sectrack 1019715
secunia 29507
vupen ADV-2008-1006
xf cisco-ios-mvpm-information-disclosure(41468)
Last major update 07-03-2011 - 22:06
Published 27-03-2008 - 06:44
Last modified 28-09-2017 - 21:30
Back to Top