fkie_cve-2008-3806
Vulnerability from fkie_nvd
Published
2008-09-26 16:21
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3805.
References
psirt@cisco.comhttp://secunia.com/advisories/31990Third Party Advisory
psirt@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=16646Vendor Advisory
psirt@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080a014ae.shtmlVendor Advisory
psirt@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/45592Third Party Advisory, VDB Entry
psirt@cisco.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7123Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31990Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=16646Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014ae.shtmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/45592Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7123Third Party Advisory
Impacted products
Vendor Product Version
cisco ios 12.0s
cisco ios 12.0sl
cisco ios 12.0st
cisco ios 12.2sb
cisco ios 12.2sca
cisco ios 12.2src
cisco ios 12.2zx
cisco ios 12.3bc
cisco ios 12.3t
cisco ios 12.3xi
cisco ios 12.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C398460-3F38-4AA7-A4B1-FD8A01588DB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0sl:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B6B0C2F-2FBE-4422-AD30-305100C595CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBEA01D2-B985-4575-AF00-144CE2E3024D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2sb:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADBDC6C0-961B-441D-8C34-AACE0902057E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2sca:*:*:*:*:*:*:*",
              "matchCriteriaId": "140C7C99-1B50-431C-B55C-DFF308E7ECF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2src:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0DA930-86CE-4D17-BD41-9C4E47D8088F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2zx:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9663D24-0D1D-4F46-961F-9D37D3776E90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.3bc:*:*:*:*:*:*:*",
              "matchCriteriaId": "40183EF8-BD19-49AD-9E55-7FCCA635327F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.3t:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C3B413-76F7-413B-A51F-29834F9DE722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.3xi:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA212293-7BAF-4AD9-BD30-E953CBA7CB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D4D8C72-E7BB-40BF-9AE5-622794D63E09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3805."
    },
    {
      "lang": "es",
      "value": "En Cisco IOS v12.0 a la v12.4 en Cisco 10000, los paquetes externos del UDP del manejador de dispositivos de la serie uBR10012 y uBR7200 que se env\u00edan a las direcciones 127.0.0.0 /8 pensados para comunicaci\u00f3n IPC dentro del dispositivo, permite que los atacantes remotos causen una denegaci\u00f3n del servicio (reinicio del dispositivo o del linecard) a trav\u00e9s de paquetes  del UDP manipulados, una vulnerabilidad distinta de CVE-2008-3805."
    }
  ],
  "id": "CVE-2008-3806",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 7.8,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-09-26T16:21:44.220",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31990"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=16646"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014ae.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45592"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7123"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=16646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014ae.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45592"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7123"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.