fkie_cve-2008-3813
Vulnerability from fkie_nvd
Published
2008-09-26 16:21
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet.
References
psirt@cisco.comhttp://secunia.com/advisories/31990Third Party Advisory
psirt@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080a0157a.shtmlThird Party Advisory
psirt@cisco.comhttp://www.securitytracker.com/id?1020938Broken Link, Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.vupen.com/english/advisories/2008/2670Permissions Required
psirt@cisco.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5362Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31990Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0157a.shtmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020938Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2670Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5362Third Party Advisory
Impacted products
Vendor Product Version
cisco ios 12.2se
cisco ios 12.2sg
cisco ios 12.2srb
cisco ios 12.4mr
cisco ios 12.4sw
cisco ios 12.4t
cisco ios 12.4xj
cisco ios 12.4xv
cisco ios 12.4xw


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2se:*:*:*:*:*:*:*",
              "matchCriteriaId": "F05A548B-C443-4C15-B636-64C1F9B9860D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2sg:*:*:*:*:*:*:*",
              "matchCriteriaId": "E85ABE5E-7900-4A9C-A945-48B293EF46B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2srb:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8E6BB50-7C0C-4E31-8DB0-40E145C8D9CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.4mr:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7414D32-88A1-416E-A717-3F47B6D1BE74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.4sw:*:*:*:*:*:*:*",
              "matchCriteriaId": "370DC543-AC01-4B91-88C7-60C323E35929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.4t:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEAD7398-D1B2-47FB-952D-8C3162D5A363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.4xj:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF610051-1638-4C1B-9864-11E34EFC4DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.4xv:*:*:*:*:*:*:*",
              "matchCriteriaId": "883FA166-2973-42BA-842D-28FBDBFEAC4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.4xw:*:*:*:*:*:*:*",
              "matchCriteriaId": "4362045B-7065-4FF9-A977-B3DA7894F831",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Cisco IOS v12.2 y v12.4. Cuando est\u00e1 habilitado el proceso de demonio del L2TP (Layer 2 Tunneling Protocol) mgmt permite a atacantes remotos causar denegaci\u00f3n de servicio (reinicio de dispositivo) a trav\u00e9s un paquete L2TP manipulado."
    }
  ],
  "id": "CVE-2008-3813",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-09-26T16:21:44.363",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31990"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0157a.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020938"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2670"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0157a.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5362"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.