Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2008-AVI-163
Vulnerability from certfr_avis - Published: - Updated:
Cisco a publié un bulletin de sécurité regroupant cinq bulletins sur des vulnérabilités séparées. Elles concernent toutes Cisco IOS et plus précisément PPTP, DLSw, IPv6, MVPN et MPLS VPN.
Description
Cisco IOS (Internetwork Operating System) est le système d'exploitation de la majorité des routeurs et commutateurs Cisco.
- PPTP : des vulnérabilités concernant une fuite de mémoire et une mauvaise gestion des blocs décrivant les interfaces permettent un épuisement des ressources entrainant un déni de service.
- DLSw : une vulnérabilité affectant le traitement des trames UDP et IP (protocole 91) permet un redémarrage ou un déni de service à distance par épuisement des ressources mémoire.
- IPv6 : une vulnérabilité permet à l'aide d'une trame IPv6, spécifiquement créée et ciblant un équipement, de provoquer un déni de service de l'interface ou de l'équipement en fonction des cas.
- MVPN : une trame MDT (Multicast Distribution Tree) spécifiquement créée permet de détourner une partie du trafic du réseau virtuel privé.
- MPLS VPN : une vulnérabilité permet le blocage des files, des fuites mémoire et le redémarrage de l'équipement.
Solution
Se référer au bulletin de sécurité Cisco 100893 du 26 mars 2008 pour l'obtention des correctifs (cf. section Documentation).
Les Cisco IOS déployés sont vulnérables dans les cas suivants :
- les versions antérieures à la 12.3 avec le VPDN (Virtual Private Dial-up Network) activé ;
- les versions antérieures à la 12.3 avec le DLSw (Data Link Switching) activé ;
- certaines versions antérieures à la 12.3 avec le support IPv6 activé ainsi que l'UDP en IPv4 ;
- certaines versions antérieures à la 12.3 avec le MVPN (Multicast Virtual Private Network) activé ;
- certaines sous-versions de la 12.2 équipant les Cisco Catalyst 6500 et Cisco 7600 router, configurées avec OSPF (Open Shortest Path First) et MPLS VPN (Multi Protocol Label Switching Virtual Private Networking).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eLes \u003cTT\u003eCisco IOS\u003c/TT\u003e d\u00e9ploy\u00e9s sont vuln\u00e9rables dans les cas suivants : \u003cUL\u003e \u003cLI\u003eles versions ant\u00e9rieures \u00e0 la 12.3 avec le \u003cTT\u003eVPDN\u003c/TT\u003e (\u003cSPAN class=\"textit\"\u003eVirtual Private Dial-up Network\u003c/SPAN\u003e) activ\u00e9 ;\u003c/LI\u003e \u003cLI\u003eles versions ant\u00e9rieures \u00e0 la 12.3 avec le \u003cTT\u003eDLSw\u003c/TT\u003e (\u003cSPAN class=\"textit\"\u003eData Link Switching\u003c/SPAN\u003e) activ\u00e9 ;\u003c/LI\u003e \u003cLI\u003ecertaines versions ant\u00e9rieures \u00e0 la 12.3 avec le support IPv6 activ\u00e9 ainsi que l\u0027UDP en IPv4 ;\u003c/LI\u003e \u003cLI\u003ecertaines versions ant\u00e9rieures \u00e0 la 12.3 avec le \u003cTT\u003eMVPN\u003c/TT\u003e (\u003cSPAN class=\"textit\"\u003eMulticast Virtual Private Network\u003c/SPAN\u003e) activ\u00e9 ;\u003c/LI\u003e \u003cLI\u003ecertaines sous-versions de la 12.2 \u00e9quipant les \u003cSPAN class=\"textit\"\u003eCisco Catalyst 6500\u003c/SPAN\u003e et \u003cSPAN class=\n \"textit\"\u003eCisco 7600 router\u003c/SPAN\u003e, configur\u00e9es avec \u003cTT\u003eOSPF\u003c/TT\u003e (\u003cSPAN class=\"textit\"\u003eOpen Shortest Path First\u003c/SPAN\u003e) et \u003cTT\u003eMPLS VPN\u003c/TT\u003e (\u003cSPAN class=\"textit\"\u003eMulti Protocol Label Switching Virtual Private Networking\u003c/SPAN\u003e).\u003c/LI\u003e \u003c/UL\u003e\u003c/p\u003e",
"content": "## Description\n\nCisco IOS (Internetwork Operating System) est le syst\u00e8me d\u0027exploitation\nde la majorit\u00e9 des routeurs et commutateurs Cisco.\n\n- PPTP : des vuln\u00e9rabilit\u00e9s concernant une fuite de m\u00e9moire et une\n mauvaise gestion des blocs d\u00e9crivant les interfaces permettent un\n \u00e9puisement des ressources entrainant un d\u00e9ni de service.\n- DLSw : une vuln\u00e9rabilit\u00e9 affectant le traitement des trames UDP et\n IP (protocole 91) permet un red\u00e9marrage ou un d\u00e9ni de service \u00e0\n distance par \u00e9puisement des ressources m\u00e9moire.\n- IPv6 : une vuln\u00e9rabilit\u00e9 permet \u00e0 l\u0027aide d\u0027une trame IPv6,\n sp\u00e9cifiquement cr\u00e9\u00e9e et ciblant un \u00e9quipement, de provoquer un d\u00e9ni\n de service de l\u0027interface ou de l\u0027\u00e9quipement en fonction des cas.\n- MVPN : une trame MDT (Multicast Distribution Tree) sp\u00e9cifiquement\n cr\u00e9\u00e9e permet de d\u00e9tourner une partie du trafic du r\u00e9seau virtuel\n priv\u00e9.\n- MPLS VPN : une vuln\u00e9rabilit\u00e9 permet le blocage des files, des fuites\n m\u00e9moire et le red\u00e9marrage de l\u0027\u00e9quipement.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Cisco 100893 du 26 mars 2008 pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-1151",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1151"
},
{
"name": "CVE-2008-0537",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0537"
},
{
"name": "CVE-2008-1156",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1156"
},
{
"name": "CVE-2008-1153",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1153"
},
{
"name": "CVE-2008-1150",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1150"
},
{
"name": "CVE-2008-1152",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1152"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-queue du 26 mars 2008 :",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-dlsw du 26 mars 2008 :",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-bundle du 26 mars 2008 :",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-bundle.shtml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-pptp du 26 mars 2008 :",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-IPv4IPv6 du 26 mars 2008 :",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-mvpn du 26 mars 2008 :",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml"
}
],
"reference": "CERTA-2008-AVI-163",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-03-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Cisco a publi\u00e9 un bulletin de s\u00e9curit\u00e9 regroupant cinq bulletins sur des\nvuln\u00e9rabilit\u00e9s s\u00e9par\u00e9es. Elles concernent toutes Cisco IOS et plus\npr\u00e9cis\u00e9ment PPTP, DLSw, IPv6, MVPN et MPLS VPN.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco IOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 100893 du 26 mars 2008",
"url": null
}
]
}
CVE-2008-1152 (GCVE-0-2008-1152)
Vulnerability from cvelistv5 – Published: 2008-03-27 17:00 – Updated: 2024-08-07 08:08
VLAI?
EPSS
Summary
The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1006/references"
},
{
"name": "TA08-087B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "1019712",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019712"
},
{
"name": "28465",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28465"
},
{
"name": "20080326 Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080969866.shtml"
},
{
"name": "29507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29507"
},
{
"name": "oval:org.mitre.oval:def:5821",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5821"
},
{
"name": "cisco-ios-dlsw-dos(41482)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41482"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "ADV-2008-1006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1006/references"
},
{
"name": "TA08-087B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "1019712",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019712"
},
{
"name": "28465",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28465"
},
{
"name": "20080326 Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080969866.shtml"
},
{
"name": "29507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29507"
},
{
"name": "oval:org.mitre.oval:def:5821",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5821"
},
{
"name": "cisco-ios-dlsw-dos(41482)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41482"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2008-1152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1006",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1006/references"
},
{
"name": "TA08-087B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "1019712",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019712"
},
{
"name": "28465",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28465"
},
{
"name": "20080326 Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080969866.shtml"
},
{
"name": "29507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29507"
},
{
"name": "oval:org.mitre.oval:def:5821",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5821"
},
{
"name": "cisco-ios-dlsw-dos(41482)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41482"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2008-1152",
"datePublished": "2008-03-27T17:00:00",
"dateReserved": "2008-03-05T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1153 (GCVE-0-2008-1153)
Vulnerability from cvelistv5 – Published: 2008-03-27 10:00 – Updated: 2024-08-07 08:08
VLAI?
EPSS
Summary
Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1006/references"
},
{
"name": "oval:org.mitre.oval:def:5860",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5860"
},
{
"name": "cisco-ios-ipv6-dualstack-dos(41475)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41475"
},
{
"name": "28461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28461"
},
{
"name": "TA08-087B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "1019713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019713"
},
{
"name": "VU#936177",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/936177"
},
{
"name": "20080326 Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml"
},
{
"name": "29507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29507"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "ADV-2008-1006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1006/references"
},
{
"name": "oval:org.mitre.oval:def:5860",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5860"
},
{
"name": "cisco-ios-ipv6-dualstack-dos(41475)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41475"
},
{
"name": "28461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28461"
},
{
"name": "TA08-087B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "1019713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019713"
},
{
"name": "VU#936177",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/936177"
},
{
"name": "20080326 Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml"
},
{
"name": "29507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29507"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2008-1153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1006",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1006/references"
},
{
"name": "oval:org.mitre.oval:def:5860",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5860"
},
{
"name": "cisco-ios-ipv6-dualstack-dos(41475)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41475"
},
{
"name": "28461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28461"
},
{
"name": "TA08-087B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "1019713",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019713"
},
{
"name": "VU#936177",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/936177"
},
{
"name": "20080326 Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml"
},
{
"name": "29507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29507"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2008-1153",
"datePublished": "2008-03-27T10:00:00",
"dateReserved": "2008-03-05T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0537 (GCVE-0-2008-0537)
Vulnerability from cvelistv5 – Published: 2008-03-27 10:00 – Updated: 2024-08-07 07:46
VLAI?
EPSS
Summary
Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:55.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-catalyst-sup-rsp-dos(41466)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41466"
},
{
"name": "29559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29559"
},
{
"name": "TA08-087B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "ADV-2008-1005",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1005/references"
},
{
"name": "20080326 Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
},
{
"name": "1019716",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019716"
},
{
"name": "28463",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-catalyst-sup-rsp-dos(41466)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41466"
},
{
"name": "29559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29559"
},
{
"name": "TA08-087B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "ADV-2008-1005",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1005/references"
},
{
"name": "20080326 Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
},
{
"name": "1019716",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019716"
},
{
"name": "28463",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2008-0537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-catalyst-sup-rsp-dos(41466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41466"
},
{
"name": "29559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29559"
},
{
"name": "TA08-087B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "ADV-2008-1005",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1005/references"
},
{
"name": "20080326 Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
},
{
"name": "1019716",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019716"
},
{
"name": "28463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2008-0537",
"datePublished": "2008-03-27T10:00:00",
"dateReserved": "2008-01-31T00:00:00",
"dateUpdated": "2024-08-07T07:46:55.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1156 (GCVE-0-2008-1156)
Vulnerability from cvelistv5 – Published: 2008-03-27 10:00 – Updated: 2024-08-07 08:08
VLAI?
EPSS
Summary
Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1006/references"
},
{
"name": "cisco-ios-mvpm-information-disclosure(41468)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41468"
},
{
"name": "TA08-087B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "20080326 Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml"
},
{
"name": "28464",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28464"
},
{
"name": "29507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29507"
},
{
"name": "1019715",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019715"
},
{
"name": "oval:org.mitre.oval:def:5648",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create \"extra multicast states on the core routers\" via a crafted Multicast Distribution Tree (MDT) Data Join message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "ADV-2008-1006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1006/references"
},
{
"name": "cisco-ios-mvpm-information-disclosure(41468)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41468"
},
{
"name": "TA08-087B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "20080326 Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml"
},
{
"name": "28464",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28464"
},
{
"name": "29507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29507"
},
{
"name": "1019715",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019715"
},
{
"name": "oval:org.mitre.oval:def:5648",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2008-1156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create \"extra multicast states on the core routers\" via a crafted Multicast Distribution Tree (MDT) Data Join message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1006",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1006/references"
},
{
"name": "cisco-ios-mvpm-information-disclosure(41468)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41468"
},
{
"name": "TA08-087B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "20080326 Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml"
},
{
"name": "28464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28464"
},
{
"name": "29507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29507"
},
{
"name": "1019715",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019715"
},
{
"name": "oval:org.mitre.oval:def:5648",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2008-1156",
"datePublished": "2008-03-27T10:00:00",
"dateReserved": "2008-03-05T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1150 (GCVE-0-2008-1150)
Vulnerability from cvelistv5 – Published: 2008-03-27 17:00 – Updated: 2024-08-07 08:08
VLAI?
EPSS
Summary
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1006/references"
},
{
"name": "cisco-ios-vpdn-idb-dos(41484)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41484"
},
{
"name": "28460",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28460"
},
{
"name": "20080326 Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml"
},
{
"name": "TA08-087B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "oval:org.mitre.oval:def:5598",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5598"
},
{
"name": "29507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29507"
},
{
"name": "1019714",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "ADV-2008-1006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1006/references"
},
{
"name": "cisco-ios-vpdn-idb-dos(41484)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41484"
},
{
"name": "28460",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28460"
},
{
"name": "20080326 Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml"
},
{
"name": "TA08-087B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "oval:org.mitre.oval:def:5598",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5598"
},
{
"name": "29507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29507"
},
{
"name": "1019714",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019714"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2008-1150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1006",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1006/references"
},
{
"name": "cisco-ios-vpdn-idb-dos(41484)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41484"
},
{
"name": "28460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28460"
},
{
"name": "20080326 Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml"
},
{
"name": "TA08-087B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "oval:org.mitre.oval:def:5598",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5598"
},
{
"name": "29507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29507"
},
{
"name": "1019714",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019714"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2008-1150",
"datePublished": "2008-03-27T17:00:00",
"dateReserved": "2008-03-05T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1151 (GCVE-0-2008-1151)
Vulnerability from cvelistv5 – Published: 2008-03-27 17:00 – Updated: 2024-08-07 08:08
VLAI?
EPSS
Summary
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1006/references"
},
{
"name": "cisco-ios-vpdn-pptp-dos(41483)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41483"
},
{
"name": "28460",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28460"
},
{
"name": "20080326 Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml"
},
{
"name": "TA08-087B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "29507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29507"
},
{
"name": "oval:org.mitre.oval:def:5287",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5287"
},
{
"name": "1019714",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to \"dead memory\" that remains allocated after process termination, aka bug ID CSCsj58566."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "ADV-2008-1006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1006/references"
},
{
"name": "cisco-ios-vpdn-pptp-dos(41483)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41483"
},
{
"name": "28460",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28460"
},
{
"name": "20080326 Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml"
},
{
"name": "TA08-087B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "29507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29507"
},
{
"name": "oval:org.mitre.oval:def:5287",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5287"
},
{
"name": "1019714",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019714"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2008-1151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to \"dead memory\" that remains allocated after process termination, aka bug ID CSCsj58566."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1006",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1006/references"
},
{
"name": "cisco-ios-vpdn-pptp-dos(41483)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41483"
},
{
"name": "28460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28460"
},
{
"name": "20080326 Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml"
},
{
"name": "TA08-087B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
},
{
"name": "29507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29507"
},
{
"name": "oval:org.mitre.oval:def:5287",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5287"
},
{
"name": "1019714",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019714"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2008-1151",
"datePublished": "2008-03-27T17:00:00",
"dateReserved": "2008-03-05T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…