CVE-2007-4285

Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:C

Exploitability : 10.0 / Impact : 8.5

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/26359	Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml	Patch Vendor Advisory
http://www.securitytracker.com/id?1018542
http://www.vupen.com/english/advisories/2007/2819	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35906
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5840

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ios:12.0:::::::*
	cpe:2.3:o:cisco:ios:12.1:::::::*
	cpe:2.3:o:cisco:ios:12.2:::::::*
	cpe:2.3:o:cisco:ios:12.3:::::::*

History

No history.

Information

Published : 2007-08-09 21:17

Updated : 2024-02-28 11:01

NVD link : CVE-2007-4285

Mitre link : CVE-2007-4285

CVE.ORG link : CVE-2007-4285

JSON object : View

Products Affected

cisco

ios

CWE

NVD-CWE-noinfo

{"id": "CVE-2007-4285", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 8.5, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-08-09T21:17:00.000", "references": [{"url": "http://secunia.com/advisories/26359", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018542", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2819", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35906", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5840", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en Cisco IOS y Cisco IOS XR versiones 12.x hasta 12.3, incluyendo algunas versiones anteriores a 12.3(15) y 12.3(14)T, permite a atacantes remotos obtener informaci\u00f3n confidencial (contenido del paquete parcial) o causar una denegaci\u00f3n de servicio (bloqueo de router o componente) por medio de paquetes IPv6 dise\u00f1ados con un encabezado de enrutamiento Type 0."}], "lastModified": "2017-09-29T01:29:15.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F86F790-6247-42F2-9487-3D60A2842F52"}, {"criteria": "cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F2F9EC5-EDA2-4C99-BBF1-2F2C92AACE95"}, {"criteria": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4BC49F2-3DCB-45F0-9030-13F6415EE178"}, {"criteria": "cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0668C45B-9D25-424B-B876-C1721BFFE5DA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}