1. CVE-Search
  2. CVE-2008-3806
ID CVE-2008-3806
Summary Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3805.
References
Vulnerable Configurations
  • cpe:2.3:o:cisco:ios:12.3bc:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios:12.3bc:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:ios:12.3xi:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios:12.3xi:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:ios:12.2zx:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios:12.2zx:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:ios:12.3t:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios:12.3t:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:ios:12.2sca:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios:12.2sca:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:ios:12.0sl:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios:12.0sl:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:ios:12.2sb:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios:12.2sb:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:ios:12.2src:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios:12.2src:*:*:*:*:*:*:*
CVSS
Base: 8.5 (as of 02-06-2022 - 17:18)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:C
oval via4
accepted 2010-06-28T04:00:11.844-04:00
class vulnerability
contributors
name Kashif Latif
organization DTCC
description Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3805.
family ios
id oval:org.mitre.oval:def:7123
status accepted
submitted 2010-04-30T11:06:36.000-04:00
title Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability
version 8
refmap via4
cisco 20080924 Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability
confirm http://tools.cisco.com/security/center/viewAlert.x?alertId=16646
secunia 31990
xf ios-udp-ipc-dos-variant2(45592)
Last major update 02-06-2022 - 17:18
Published 26-09-2008 - 16:21
Last modified 02-06-2022 - 17:18
Back to Top