ID CVE-2006-4650
Summary Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs.
References
Vulnerable Configurations
  • cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 17-10-2018 - 21:38)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:N/A:N
oval via4
accepted 2008-09-08T04:00:38.826-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs.
family ios
id oval:org.mitre.oval:def:5713
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco IOS GRE Source Routing Integer Overflow ACL Bypass Vulnerability
version 3
refmap via4
bid 19878
bugtraq 20060906 Cisco IOS GRE issue
cisco 20060906 Cisco IOS GRE Decapsulation Vulnerability
misc http://www.phenoelit.de/stuff/CiscoGRE.txt
osvdb 28590
sectrack 1016799
secunia 21783
sreason 1526
vupen ADV-2006-3502
xf cisco-ios-gre-acl-bypass(28786)
Last major update 17-10-2018 - 21:38
Published 09-09-2006 - 00:04
Last modified 17-10-2018 - 21:38