cvelistv5 - cve-2008-0537

CVE-2008-0537 (GCVE-0-2008-0537)

Vulnerability from cvelistv5 – Published: 2008-03-27 10:00 – Updated: 2024-08-07 07:46

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/29559	third-party-advisoryx_refsource_SECUNIA
	http://www.us-cert.gov/cas/techalerts/TA08-087B.html	third-party-advisoryx_refsource_CERT
	http://www.vupen.com/english/advisories/2008/1005…	vdb-entryx_refsource_VUPEN
	http://www.cisco.com/warp/public/707/cisco-sa-200…	vendor-advisoryx_refsource_CISCO
	http://www.securitytracker.com/id?1019716	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/28463	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:55.045Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-catalyst-sup-rsp-dos(41466)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41466"
          },
          {
            "name": "29559",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29559"
          },
          {
            "name": "TA08-087B",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
          },
          {
            "name": "ADV-2008-1005",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1005/references"
          },
          {
            "name": "20080326 Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
          },
          {
            "name": "1019716",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019716"
          },
          {
            "name": "28463",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28463"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-catalyst-sup-rsp-dos(41466)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41466"
        },
        {
          "name": "29559",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29559"
        },
        {
          "name": "TA08-087B",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
        },
        {
          "name": "ADV-2008-1005",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1005/references"
        },
        {
          "name": "20080326 Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
        },
        {
          "name": "1019716",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019716"
        },
        {
          "name": "28463",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28463"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-0537",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cisco-catalyst-sup-rsp-dos(41466)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41466"
            },
            {
              "name": "29559",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29559"
            },
            {
              "name": "TA08-087B",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
            },
            {
              "name": "ADV-2008-1005",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1005/references"
            },
            {
              "name": "20080326 Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
            },
            {
              "name": "1019716",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019716"
            },
            {
              "name": "28463",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28463"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-0537",
    "datePublished": "2008-03-27T10:00:00",
    "dateReserved": "2008-01-31T00:00:00",
    "dateUpdated": "2024-08-07T07:46:55.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:7600_router:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9097F459-1AE3-4924-8E81-046F84FBB041\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99DE48DF-A309-4A1C-B977-AE81B4EDB589\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:me_6524_ethernet_switch:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6188EAF7-F61F-44D9-8D8A-AED195D045F5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:route_switch_processor:rsp720:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABC994F2-CD1D-4B42-A92F-EF01BBBD59BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:supervisor_engine:sup32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99A3D8A9-FFD2-4DAC-997A-0E118878A360\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:supervisor_engine:sup720:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5ECF6D1-A7AB-4149-943E-F011038F6C40\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidades no especificadas en Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), y Route Switch Processor 720 (RSP720) para m\\u00faltiples productos de Cisco, cuando utilizan Multi Protocol Label Switching (MPLS) VPN y OSPF sham-link, permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (cola bloqueada, dispositivo reiniciado, o fuga de memoria) a trav\\u00e9s de vectores desconocidos.\"}]",
      "id": "CVE-2008-0537",
      "lastModified": "2024-11-21T00:42:20.000",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-03-27T10:44:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/29559\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/28463\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id?1019716\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-087B.html\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1005/references\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41466\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://secunia.com/advisories/29559\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/28463\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019716\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-087B.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1005/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41466\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0537\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2008-03-27T10:44:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidades no especificadas en Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), y Route Switch Processor 720 (RSP720) para m\u00faltiples productos de Cisco, cuando utilizan Multi Protocol Label Switching (MPLS) VPN y OSPF sham-link, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cola bloqueada, dispositivo reiniciado, o fuga de memoria) a trav\u00e9s de vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:7600_router:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9097F459-1AE3-4924-8E81-046F84FBB041\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99DE48DF-A309-4A1C-B977-AE81B4EDB589\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:me_6524_ethernet_switch:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6188EAF7-F61F-44D9-8D8A-AED195D045F5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:route_switch_processor:rsp720:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABC994F2-CD1D-4B42-A92F-EF01BBBD59BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:supervisor_engine:sup32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99A3D8A9-FFD2-4DAC-997A-0E118878A360\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:supervisor_engine:sup720:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5ECF6D1-A7AB-4149-943E-F011038F6C40\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/29559\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/28463\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id?1019716\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-087B.html\",\"source\":\"psirt@cisco.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1005/references\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41466\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://secunia.com/advisories/29559\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/28463\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019716\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-087B.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1005/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41466\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2008-0537

Vulnerability from fkie_nvd - Published: 2008-03-27 10:44 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://secunia.com/advisories/29559	Vendor Advisory
psirt@cisco.com	http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/28463
psirt@cisco.com	http://www.securitytracker.com/id?1019716
psirt@cisco.com	http://www.us-cert.gov/cas/techalerts/TA08-087B.html	US Government Resource
psirt@cisco.com	http://www.vupen.com/english/advisories/2008/1005/references
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/41466
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29559	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28463
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019716
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-087B.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1005/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41466

Impacted products

Vendor	Product	Version
cisco	7600_router	*
cisco	catalyst_6500	*
cisco	me_6524_ethernet_switch	*
cisco	route_switch_processor	rsp720
cisco	supervisor_engine	sup32
cisco	supervisor_engine	sup720

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:7600_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9097F459-1AE3-4924-8E81-046F84FBB041",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99DE48DF-A309-4A1C-B977-AE81B4EDB589",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:me_6524_ethernet_switch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6188EAF7-F61F-44D9-8D8A-AED195D045F5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:route_switch_processor:rsp720:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABC994F2-CD1D-4B42-A92F-EF01BBBD59BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:supervisor_engine:sup32:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A3D8A9-FFD2-4DAC-997A-0E118878A360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:supervisor_engine:sup720:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5ECF6D1-A7AB-4149-943E-F011038F6C40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidades no especificadas en Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), y Route Switch Processor 720 (RSP720) para m\u00faltiples productos de Cisco, cuando utilizan Multi Protocol Label Switching (MPLS) VPN y OSPF sham-link, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cola bloqueada, dispositivo reiniciado, o fuga de memoria) a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2008-0537",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-03-27T10:44:00.000",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29559"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/28463"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id?1019716"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.vupen.com/english/advisories/2008/1005/references"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29559"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1005/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41466"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-3X27-PVP2-3H6M

Vulnerability from github – Published: 2022-05-01 23:31 – Updated: 2022-05-01 23:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0537"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-03-27T10:44:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors.",
  "id": "GHSA-3x27-pvp2-3h6m",
  "modified": "2022-05-01T23:31:17Z",
  "published": "2022-05-01T23:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0537"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41466"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29559"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28463"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019716"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1005/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200803-0034

Vulnerability from variot - Updated: 2023-12-18 11:43

Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors. An attacker can exploit this issue to prevent any traffic from entering affected devices, causing denial-of-service conditions for legitimate users. The following devices are affected: Cisco Catalyst 6500 Series devices with the Sup32, Sup720, Sup720-3B, or Sup720-3BXL Cisco 7600 Series devices with the Sup32, Sup720, Sup720-3B, or Sup720-3BXL Cisco 7600 Series devices with the RSP720, RSP720-3C, or RSP720-3CXL Cisco ME 6524 Ethernet Switch Some Cisco IOS branches based on 12.2 are vulnerable only when combined with hardware based on specific Catalyst Supervisor Engines (Sup32, Sup720, or RSP720) and configured with MPLS VPN and OSPF sham-link. NOTE: OSPF and MPLS VPN are not enabled by default. Cisco IOS is the Internet operating system used in Cisco networking equipment. In addition to possibly blocked interface queues, devices may also experience memory leaks or reboots. In the case of a memory leak, the device cannot forward traffic once it has exhausted the available memory. ----------------------------------------------------------------------

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

The vulnerability is caused due to an unspecified error in the handling of certain packets and can be exploited to cause a blocked interface input queue, a memory leak, or a restart of the device.

PROVIDED AND/OR DISCOVERED BY: Reported to the vendor by a customer.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    National Cyber Alert System

Technical Cyber Security Alert TA08-087B

Cisco Updates for Multiple Vulnerabilities

Original release date: March 27, 2007 Last revised: -- Source: US-CERT

Systems Affected

 * Cisco IOS

Overview

Cisco has released Cisco Security Advisory cisco-sa-20080326-bundle to correct multiple vulnerabilities affecting Cisco IOS. Attackers could exploit these vulnerabilities to access sensitive information or cause a denial of service.

I. Description

Cisco Security Advisory cisco-sa-20080326-bundle addresses a number of vulnerabilities affecting Cisco IOS 12.0, 12.1, 12.2, 12.3, and 12.4. Further details are available in the US-CERT Vulnerability Notes Database.

II. Impact

The impacts of these vulnerabilities vary. Potential consequences include disclosure of sensitive information and denial of service.

III. Solution

Upgrade

These vulnerabilities are addressed in Cisco Security Advisory cisco-sa-20080326-bundle.

IV. References

 * US-CERT Vulnerability Notes -
   <http://www.kb.cert.org/vuls/byid?searchview&query=cisco-sa-20080326-bundle>

 * Cisco     Security     Advisory     cisco-sa-20080326-bundle     -
   <http://www.cisco.com/warp/public/707/cisco-sa-20080326-bundle.shtml>

 * Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network
   Denial of Service Vulnerability -
   <http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml>

 * Cisco   Security   Advisory:   Multiple  DLSw  Denial  of  Service
   Vulnerabilities in Cisco IOS -
   <http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml>

 * Cisco Security Advisory: Cisco IOS User Datagram Protocol Delivery
   Issue For IPv4/IPv6 Dual-stack Routers -
   <http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml>

 * Cisco  Security  Advisory:  Vulnerability  in Cisco IOS with OSPF,
   MPLS  VPN,  and  Supervisor  32,  Supervisor  720, or Route Switch
   Processor 720 - 
   <http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml>

 * Cisco  Security  Advisory:  Cisco  IOS  Multicast  Virtual Private
   Network (MVPN) Data Leak -
   <http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA08-087B.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA08-087B Feedback VU#936177" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2008 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

March 27, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR+vjW/RFkHkM87XOAQLjnQf+PgUTq9wrF8th28Ur2qUgViOGFbNOzwbp 1Awp1ygPnGsT2BVBdwo7ugfuQXMHiz8rnG/7Ovf5prr3FjI6I/3XRMFTpS/ZmF1W m0e6H+vhJSmvJp02a4X9Rzm8Rq9jYda7SJHAFiiblxMSKOuOn2bKpOPxyrhnZmcA UsuFp5A4mHoMqi4LWO0XqCTBzC1r3myx9j3dVg0yJ0LuIvYWUoqOsHI1ywG+ryLO MfSbpvFgbfU5pn3e61hS++oIpOjmlLuRdu1o/2vHizqcUSfhKx2ccdOUG0c2Opr/ oabL6WpJHRePXbz1jdOPHGVPVH/6OVVSr+L2Ug1Qd8hBLwwbcfGweQ== =pX05 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200803-0034",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "me 6524 ethernet switch",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "route switch processor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "rsp720"
      },
      {
        "model": "supervisor engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "sup32"
      },
      {
        "model": "supervisor engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "sup720"
      },
      {
        "model": "7500 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "catalyst 6500 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "catalyst 6500",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "7600 router",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "me6524",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios 12.2zu",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sxe",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sxd",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sxb",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sxa",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sra",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2ixe",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2ixd",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2ixc",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2ixb",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2ixa",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "catalyst sup720-3bxl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6500"
      },
      {
        "model": "catalyst sup720-3b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6500"
      },
      {
        "model": "catalyst sup720",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6500"
      },
      {
        "model": "catalyst sup32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6500"
      },
      {
        "model": "sup720-3bxl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7600"
      },
      {
        "model": "sup720-3b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7600"
      },
      {
        "model": "sup720",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7600"
      },
      {
        "model": "sup32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7600"
      },
      {
        "model": "rsp720-3cxl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7600"
      },
      {
        "model": "rsp720-3c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7600"
      },
      {
        "model": "rsp720",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7600"
      },
      {
        "model": "ios 12.2sxh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sxf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2ixf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sxh2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sra7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sra4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sxf13",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "28463"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001244"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0537"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-436"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:7600_router:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:me_6524_ethernet_switch:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:route_switch_processor:rsp720:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:supervisor_engine:sup32:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:supervisor_engine:sup720:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0537"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-436"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-0537",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2008-0537",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-30662",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-0537",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200803-436",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-30662",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30662"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001244"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0537"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-436"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors. \nAn attacker can exploit this issue to prevent any traffic from entering affected devices, causing denial-of-service conditions for legitimate users. \nThe following devices are affected:\nCisco Catalyst 6500 Series devices with the Sup32, Sup720, Sup720-3B, or  Sup720-3BXL\nCisco 7600 Series devices with the Sup32, Sup720, Sup720-3B, or Sup720-3BXL\nCisco 7600 Series devices with the RSP720, RSP720-3C, or RSP720-3CXL\nCisco ME 6524 Ethernet Switch\nSome Cisco IOS branches based on 12.2 are vulnerable only when combined with hardware based on specific Catalyst Supervisor Engines  (Sup32, Sup720, or RSP720) and configured with MPLS VPN and OSPF sham-link. \nNOTE: OSPF and MPLS VPN are not enabled by default. Cisco IOS is the Internet operating system used in Cisco networking equipment. In addition to possibly blocked interface queues, devices may also experience memory leaks or reboots. In the case of a memory leak, the device cannot forward traffic once it has exhausted the available memory. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nThe vulnerability is caused due to an unspecified error in the\nhandling of certain packets and can be exploited to cause a blocked\ninterface input queue, a memory leak, or a restart of the device. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported to the vendor by a customer. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n        National Cyber Alert System\n\n   Technical Cyber Security Alert TA08-087B\n\n\nCisco Updates for Multiple Vulnerabilities\n\n   Original release date: March 27, 2007\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Cisco IOS\n\n\nOverview\n\n   Cisco has released Cisco Security Advisory cisco-sa-20080326-bundle to\n   correct  multiple vulnerabilities affecting Cisco IOS. Attackers could\n   exploit  these vulnerabilities to access sensitive information\n   or cause a denial of service. \n\n\nI. Description\n\n   Cisco  Security Advisory cisco-sa-20080326-bundle addresses\n   a  number  of vulnerabilities affecting Cisco IOS 12.0, 12.1,\n   12.2,  12.3, and 12.4.  Further details are available  in  the US-CERT\n   Vulnerability Notes Database. \n\n\nII. Impact\n\n   The  impacts  of  these  vulnerabilities  vary. Potential consequences\n   include disclosure  of  sensitive  information  and denial of service. \n\n\nIII. Solution\n\nUpgrade\n\n   These   vulnerabilities  are  addressed  in  Cisco  Security  Advisory\n   cisco-sa-20080326-bundle. \n\n\nIV. References\n\n     * US-CERT Vulnerability Notes -\n       \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=cisco-sa-20080326-bundle\u003e\n\n     * Cisco     Security     Advisory     cisco-sa-20080326-bundle     -\n       \u003chttp://www.cisco.com/warp/public/707/cisco-sa-20080326-bundle.shtml\u003e\n\n     * Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network\n       Denial of Service Vulnerability -\n       \u003chttp://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml\u003e\n\n     * Cisco   Security   Advisory:   Multiple  DLSw  Denial  of  Service\n       Vulnerabilities in Cisco IOS -\n       \u003chttp://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml\u003e\n\n     * Cisco Security Advisory: Cisco IOS User Datagram Protocol Delivery\n       Issue For IPv4/IPv6 Dual-stack Routers -\n       \u003chttp://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml\u003e\n\n     * Cisco  Security  Advisory:  Vulnerability  in Cisco IOS with OSPF,\n       MPLS  VPN,  and  Supervisor  32,  Supervisor  720, or Route Switch\n       Processor 720 - \n       \u003chttp://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml\u003e\n\n     * Cisco  Security  Advisory:  Cisco  IOS  Multicast  Virtual Private\n       Network (MVPN) Data Leak -\n       \u003chttp://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA08-087B.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA08-087B Feedback VU#936177\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2008 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n   Revision History\n\n   March 27, 2008: Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBR+vjW/RFkHkM87XOAQLjnQf+PgUTq9wrF8th28Ur2qUgViOGFbNOzwbp\n1Awp1ygPnGsT2BVBdwo7ugfuQXMHiz8rnG/7Ovf5prr3FjI6I/3XRMFTpS/ZmF1W\nm0e6H+vhJSmvJp02a4X9Rzm8Rq9jYda7SJHAFiiblxMSKOuOn2bKpOPxyrhnZmcA\nUsuFp5A4mHoMqi4LWO0XqCTBzC1r3myx9j3dVg0yJ0LuIvYWUoqOsHI1ywG+ryLO\nMfSbpvFgbfU5pn3e61hS++oIpOjmlLuRdu1o/2vHizqcUSfhKx2ccdOUG0c2Opr/\noabL6WpJHRePXbz1jdOPHGVPVH/6OVVSr+L2Ug1Qd8hBLwwbcfGweQ==\n=pX05\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0537"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001244"
      },
      {
        "db": "BID",
        "id": "28463"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30662"
      },
      {
        "db": "PACKETSTORM",
        "id": "64963"
      },
      {
        "db": "PACKETSTORM",
        "id": "64957"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "28463",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0537",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "29559",
        "trust": 2.6
      },
      {
        "db": "USCERT",
        "id": "TA08-087B",
        "trust": 2.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-1005",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1019716",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001244",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-436",
        "trust": 0.7
      },
      {
        "db": "CERT/CC",
        "id": "TA08-087B",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20080326 VULNERABILITY IN CISCO IOS WITH OSPF, MPLS VPN, AND SUPERVISOR 32, SUPERVISOR 720, OR ROUTE SWITCH PROCESSOR 720",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "41466",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-30662",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64963",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64957",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30662"
      },
      {
        "db": "BID",
        "id": "28463"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001244"
      },
      {
        "db": "PACKETSTORM",
        "id": "64963"
      },
      {
        "db": "PACKETSTORM",
        "id": "64957"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0537"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-436"
      }
    ]
  },
  "id": "VAR-200803-0034",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30662"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:43:30.033000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20080326-queue",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001244"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001244"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0537"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/28463"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-087b.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1019716"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/29559"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/1005/references"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41466"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/29559/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0537"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2008/1005"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta08-087b/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta08-087b"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0537"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/41466"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/1005/references"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/490111"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15865/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/50/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15864/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/182/"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=cisco-sa-20080326-bundle\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-bundle.shtml\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-ipv4ipv6.shtml\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-087b.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml\u003e"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30662"
      },
      {
        "db": "BID",
        "id": "28463"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001244"
      },
      {
        "db": "PACKETSTORM",
        "id": "64963"
      },
      {
        "db": "PACKETSTORM",
        "id": "64957"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0537"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-436"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-30662"
      },
      {
        "db": "BID",
        "id": "28463"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001244"
      },
      {
        "db": "PACKETSTORM",
        "id": "64963"
      },
      {
        "db": "PACKETSTORM",
        "id": "64957"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0537"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-436"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-03-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30662"
      },
      {
        "date": "2008-03-26T00:00:00",
        "db": "BID",
        "id": "28463"
      },
      {
        "date": "2008-04-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001244"
      },
      {
        "date": "2008-03-28T20:26:02",
        "db": "PACKETSTORM",
        "id": "64963"
      },
      {
        "date": "2008-03-27T21:29:26",
        "db": "PACKETSTORM",
        "id": "64957"
      },
      {
        "date": "2008-03-27T10:44:00",
        "db": "NVD",
        "id": "CVE-2008-0537"
      },
      {
        "date": "2008-03-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200803-436"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30662"
      },
      {
        "date": "2008-03-26T21:09:00",
        "db": "BID",
        "id": "28463"
      },
      {
        "date": "2008-04-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001244"
      },
      {
        "date": "2017-08-08T01:29:38.167000",
        "db": "NVD",
        "id": "CVE-2008-0537"
      },
      {
        "date": "2008-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200803-436"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-436"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Cisco Service disruption in certain product functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001244"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "design error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-436"
      }
    ],
    "trust": 0.6
  }
}

GSD-2008-0537

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0537

Aliases

CVE-2008-0537

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0537",
    "description": "Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors.",
    "id": "GSD-2008-0537"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0537"
      ],
      "details": "Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors.",
      "id": "GSD-2008-0537",
      "modified": "2023-12-13T01:22:58.822031Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2008-0537",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "cisco-catalyst-sup-rsp-dos(41466)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41466"
          },
          {
            "name": "29559",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29559"
          },
          {
            "name": "TA08-087B",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
          },
          {
            "name": "ADV-2008-1005",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1005/references"
          },
          {
            "name": "20080326 Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
          },
          {
            "name": "1019716",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019716"
          },
          {
            "name": "28463",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28463"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:7600_router:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:me_6524_ethernet_switch:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:route_switch_processor:rsp720:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:supervisor_engine:sup32:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:supervisor_engine:sup720:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-0537"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080326 Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
            },
            {
              "name": "TA08-087B",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html"
            },
            {
              "name": "28463",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/28463"
            },
            {
              "name": "29559",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29559"
            },
            {
              "name": "1019716",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019716"
            },
            {
              "name": "ADV-2008-1005",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1005/references"
            },
            {
              "name": "cisco-catalyst-sup-rsp-dos(41466)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41466"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:29Z",
      "publishedDate": "2008-03-27T10:44Z"
    }
  }
}

CERTA-2008-AVI-163

Vulnerability from certfr_avis - Published: - Updated:

Cisco a publié un bulletin de sécurité regroupant cinq bulletins sur des vulnérabilités séparées. Elles concernent toutes Cisco IOS et plus précisément PPTP, DLSw, IPv6, MVPN et MPLS VPN.

Description

Cisco IOS (Internetwork Operating System) est le système d'exploitation de la majorité des routeurs et commutateurs Cisco.

PPTP : des vulnérabilités concernant une fuite de mémoire et une mauvaise gestion des blocs décrivant les interfaces permettent un épuisement des ressources entrainant un déni de service.
DLSw : une vulnérabilité affectant le traitement des trames UDP et IP (protocole 91) permet un redémarrage ou un déni de service à distance par épuisement des ressources mémoire.
IPv6 : une vulnérabilité permet à l'aide d'une trame IPv6, spécifiquement créée et ciblant un équipement, de provoquer un déni de service de l'interface ou de l'équipement en fonction des cas.
MVPN : une trame MDT (Multicast Distribution Tree) spécifiquement créée permet de détourner une partie du trafic du réseau virtuel privé.
MPLS VPN : une vulnérabilité permet le blocage des files, des fuites mémoire et le redémarrage de l'équipement.

Solution

Se référer au bulletin de sécurité Cisco 100893 du 26 mars 2008 pour l'obtention des correctifs (cf. section Documentation).

Les Cisco IOS déployés sont vulnérables dans les cas suivants :

les versions antérieures à la 12.3 avec le VPDN (Virtual Private Dial-up Network) activé ;
les versions antérieures à la 12.3 avec le DLSw (Data Link Switching) activé ;
certaines versions antérieures à la 12.3 avec le support IPv6 activé ainsi que l'UDP en IPv4 ;
certaines versions antérieures à la 12.3 avec le MVPN (Multicast Virtual Private Network) activé ;
certaines sous-versions de la 12.2 équipant les Cisco Catalyst 6500 et Cisco 7600 router, configurées avec OSPF (Open Shortest Path First) et MPLS VPN (Multi Protocol Label Switching Virtual Private Networking).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco 100893 du 26 mars 2008	None	vendor-advisory
Bulletin de sécurité Cisco 20080326-queue du 26 mars 2008 :	-	other
Bulletin de sécurité Cisco 20080326-dlsw du 26 mars 2008 :	-	other
Bulletin de sécurité Cisco 20080326-bundle du 26 mars 2008 :	-	other
Bulletin de sécurité Cisco 20080326-pptp du 26 mars 2008 :	-	other
Bulletin de sécurité Cisco 20080326-IPv4IPv6 du 26 mars 2008 :	-	other
Bulletin de sécurité Cisco 20080326-mvpn du 26 mars 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes \u003cTT\u003eCisco IOS\u003c/TT\u003e d\u00e9ploy\u00e9s sont  vuln\u00e9rables dans les cas suivants :  \u003cUL\u003e    \u003cLI\u003eles versions ant\u00e9rieures \u00e0 la 12.3 avec le \u003cTT\u003eVPDN\u003c/TT\u003e    (\u003cSPAN class=\"textit\"\u003eVirtual Private Dial-up Network\u003c/SPAN\u003e)    activ\u00e9 ;\u003c/LI\u003e    \u003cLI\u003eles versions ant\u00e9rieures \u00e0 la 12.3 avec le \u003cTT\u003eDLSw\u003c/TT\u003e    (\u003cSPAN class=\"textit\"\u003eData Link Switching\u003c/SPAN\u003e) activ\u00e9 ;\u003c/LI\u003e    \u003cLI\u003ecertaines versions ant\u00e9rieures \u00e0 la 12.3 avec le support    IPv6 activ\u00e9 ainsi que l\u0027UDP en IPv4 ;\u003c/LI\u003e    \u003cLI\u003ecertaines versions ant\u00e9rieures \u00e0 la 12.3 avec le    \u003cTT\u003eMVPN\u003c/TT\u003e (\u003cSPAN class=\"textit\"\u003eMulticast Virtual Private    Network\u003c/SPAN\u003e) activ\u00e9 ;\u003c/LI\u003e    \u003cLI\u003ecertaines sous-versions de la 12.2 \u00e9quipant les    \u003cSPAN class=\"textit\"\u003eCisco Catalyst 6500\u003c/SPAN\u003e et \u003cSPAN class=\n    \"textit\"\u003eCisco 7600 router\u003c/SPAN\u003e, configur\u00e9es avec    \u003cTT\u003eOSPF\u003c/TT\u003e (\u003cSPAN class=\"textit\"\u003eOpen Shortest Path    First\u003c/SPAN\u003e) et \u003cTT\u003eMPLS VPN\u003c/TT\u003e (\u003cSPAN class=\"textit\"\u003eMulti    Protocol Label Switching Virtual Private    Networking\u003c/SPAN\u003e).\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nCisco IOS (Internetwork Operating System) est le syst\u00e8me d\u0027exploitation\nde la majorit\u00e9 des routeurs et commutateurs Cisco.\n\n-   PPTP : des vuln\u00e9rabilit\u00e9s concernant une fuite de m\u00e9moire et une\n    mauvaise gestion des blocs d\u00e9crivant les interfaces permettent un\n    \u00e9puisement des ressources entrainant un d\u00e9ni de service.\n-   DLSw : une vuln\u00e9rabilit\u00e9 affectant le traitement des trames UDP et\n    IP (protocole 91) permet un red\u00e9marrage ou un d\u00e9ni de service \u00e0\n    distance par \u00e9puisement des ressources m\u00e9moire.\n-   IPv6 : une vuln\u00e9rabilit\u00e9 permet \u00e0 l\u0027aide d\u0027une trame IPv6,\n    sp\u00e9cifiquement cr\u00e9\u00e9e et ciblant un \u00e9quipement, de provoquer un d\u00e9ni\n    de service de l\u0027interface ou de l\u0027\u00e9quipement en fonction des cas.\n-   MVPN : une trame MDT (Multicast Distribution Tree) sp\u00e9cifiquement\n    cr\u00e9\u00e9e permet de d\u00e9tourner une partie du trafic du r\u00e9seau virtuel\n    priv\u00e9.\n-   MPLS VPN : une vuln\u00e9rabilit\u00e9 permet le blocage des files, des fuites\n    m\u00e9moire et le red\u00e9marrage de l\u0027\u00e9quipement.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Cisco 100893 du 26 mars 2008 pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1151"
    },
    {
      "name": "CVE-2008-0537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0537"
    },
    {
      "name": "CVE-2008-1156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1156"
    },
    {
      "name": "CVE-2008-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1153"
    },
    {
      "name": "CVE-2008-1150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1150"
    },
    {
      "name": "CVE-2008-1152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1152"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-queue du 26 mars 2008 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-dlsw du 26 mars 2008 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-bundle du 26 mars 2008    :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-bundle.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-pptp du 26 mars 2008 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-IPv4IPv6 du 26 mars    2008 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-mvpn du 26 mars 2008 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml"
    }
  ],
  "reference": "CERTA-2008-AVI-163",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-03-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Cisco a publi\u00e9 un bulletin de s\u00e9curit\u00e9 regroupant cinq bulletins sur des\nvuln\u00e9rabilit\u00e9s s\u00e9par\u00e9es. Elles concernent toutes Cisco IOS et plus\npr\u00e9cis\u00e9ment PPTP, DLSw, IPv6, MVPN et MPLS VPN.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco IOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 100893 du 26 mars 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-163

Vulnerability from certfr_avis - Published: - Updated:

Cisco a publié un bulletin de sécurité regroupant cinq bulletins sur des vulnérabilités séparées. Elles concernent toutes Cisco IOS et plus précisément PPTP, DLSw, IPv6, MVPN et MPLS VPN.

Description

Cisco IOS (Internetwork Operating System) est le système d'exploitation de la majorité des routeurs et commutateurs Cisco.

PPTP : des vulnérabilités concernant une fuite de mémoire et une mauvaise gestion des blocs décrivant les interfaces permettent un épuisement des ressources entrainant un déni de service.
DLSw : une vulnérabilité affectant le traitement des trames UDP et IP (protocole 91) permet un redémarrage ou un déni de service à distance par épuisement des ressources mémoire.
IPv6 : une vulnérabilité permet à l'aide d'une trame IPv6, spécifiquement créée et ciblant un équipement, de provoquer un déni de service de l'interface ou de l'équipement en fonction des cas.
MVPN : une trame MDT (Multicast Distribution Tree) spécifiquement créée permet de détourner une partie du trafic du réseau virtuel privé.
MPLS VPN : une vulnérabilité permet le blocage des files, des fuites mémoire et le redémarrage de l'équipement.

Solution

Se référer au bulletin de sécurité Cisco 100893 du 26 mars 2008 pour l'obtention des correctifs (cf. section Documentation).

Les Cisco IOS déployés sont vulnérables dans les cas suivants :

les versions antérieures à la 12.3 avec le VPDN (Virtual Private Dial-up Network) activé ;
les versions antérieures à la 12.3 avec le DLSw (Data Link Switching) activé ;
certaines versions antérieures à la 12.3 avec le support IPv6 activé ainsi que l'UDP en IPv4 ;
certaines versions antérieures à la 12.3 avec le MVPN (Multicast Virtual Private Network) activé ;
certaines sous-versions de la 12.2 équipant les Cisco Catalyst 6500 et Cisco 7600 router, configurées avec OSPF (Open Shortest Path First) et MPLS VPN (Multi Protocol Label Switching Virtual Private Networking).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco 100893 du 26 mars 2008	None	vendor-advisory
Bulletin de sécurité Cisco 20080326-queue du 26 mars 2008 :	-	other
Bulletin de sécurité Cisco 20080326-dlsw du 26 mars 2008 :	-	other
Bulletin de sécurité Cisco 20080326-bundle du 26 mars 2008 :	-	other
Bulletin de sécurité Cisco 20080326-pptp du 26 mars 2008 :	-	other
Bulletin de sécurité Cisco 20080326-IPv4IPv6 du 26 mars 2008 :	-	other
Bulletin de sécurité Cisco 20080326-mvpn du 26 mars 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes \u003cTT\u003eCisco IOS\u003c/TT\u003e d\u00e9ploy\u00e9s sont  vuln\u00e9rables dans les cas suivants :  \u003cUL\u003e    \u003cLI\u003eles versions ant\u00e9rieures \u00e0 la 12.3 avec le \u003cTT\u003eVPDN\u003c/TT\u003e    (\u003cSPAN class=\"textit\"\u003eVirtual Private Dial-up Network\u003c/SPAN\u003e)    activ\u00e9 ;\u003c/LI\u003e    \u003cLI\u003eles versions ant\u00e9rieures \u00e0 la 12.3 avec le \u003cTT\u003eDLSw\u003c/TT\u003e    (\u003cSPAN class=\"textit\"\u003eData Link Switching\u003c/SPAN\u003e) activ\u00e9 ;\u003c/LI\u003e    \u003cLI\u003ecertaines versions ant\u00e9rieures \u00e0 la 12.3 avec le support    IPv6 activ\u00e9 ainsi que l\u0027UDP en IPv4 ;\u003c/LI\u003e    \u003cLI\u003ecertaines versions ant\u00e9rieures \u00e0 la 12.3 avec le    \u003cTT\u003eMVPN\u003c/TT\u003e (\u003cSPAN class=\"textit\"\u003eMulticast Virtual Private    Network\u003c/SPAN\u003e) activ\u00e9 ;\u003c/LI\u003e    \u003cLI\u003ecertaines sous-versions de la 12.2 \u00e9quipant les    \u003cSPAN class=\"textit\"\u003eCisco Catalyst 6500\u003c/SPAN\u003e et \u003cSPAN class=\n    \"textit\"\u003eCisco 7600 router\u003c/SPAN\u003e, configur\u00e9es avec    \u003cTT\u003eOSPF\u003c/TT\u003e (\u003cSPAN class=\"textit\"\u003eOpen Shortest Path    First\u003c/SPAN\u003e) et \u003cTT\u003eMPLS VPN\u003c/TT\u003e (\u003cSPAN class=\"textit\"\u003eMulti    Protocol Label Switching Virtual Private    Networking\u003c/SPAN\u003e).\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nCisco IOS (Internetwork Operating System) est le syst\u00e8me d\u0027exploitation\nde la majorit\u00e9 des routeurs et commutateurs Cisco.\n\n-   PPTP : des vuln\u00e9rabilit\u00e9s concernant une fuite de m\u00e9moire et une\n    mauvaise gestion des blocs d\u00e9crivant les interfaces permettent un\n    \u00e9puisement des ressources entrainant un d\u00e9ni de service.\n-   DLSw : une vuln\u00e9rabilit\u00e9 affectant le traitement des trames UDP et\n    IP (protocole 91) permet un red\u00e9marrage ou un d\u00e9ni de service \u00e0\n    distance par \u00e9puisement des ressources m\u00e9moire.\n-   IPv6 : une vuln\u00e9rabilit\u00e9 permet \u00e0 l\u0027aide d\u0027une trame IPv6,\n    sp\u00e9cifiquement cr\u00e9\u00e9e et ciblant un \u00e9quipement, de provoquer un d\u00e9ni\n    de service de l\u0027interface ou de l\u0027\u00e9quipement en fonction des cas.\n-   MVPN : une trame MDT (Multicast Distribution Tree) sp\u00e9cifiquement\n    cr\u00e9\u00e9e permet de d\u00e9tourner une partie du trafic du r\u00e9seau virtuel\n    priv\u00e9.\n-   MPLS VPN : une vuln\u00e9rabilit\u00e9 permet le blocage des files, des fuites\n    m\u00e9moire et le red\u00e9marrage de l\u0027\u00e9quipement.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Cisco 100893 du 26 mars 2008 pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1151"
    },
    {
      "name": "CVE-2008-0537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0537"
    },
    {
      "name": "CVE-2008-1156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1156"
    },
    {
      "name": "CVE-2008-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1153"
    },
    {
      "name": "CVE-2008-1150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1150"
    },
    {
      "name": "CVE-2008-1152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1152"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-queue du 26 mars 2008 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-dlsw du 26 mars 2008 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-bundle du 26 mars 2008    :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-bundle.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-pptp du 26 mars 2008 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-IPv4IPv6 du 26 mars    2008 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080326-mvpn du 26 mars 2008 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml"
    }
  ],
  "reference": "CERTA-2008-AVI-163",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-03-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Cisco a publi\u00e9 un bulletin de s\u00e9curit\u00e9 regroupant cinq bulletins sur des\nvuln\u00e9rabilit\u00e9s s\u00e9par\u00e9es. Elles concernent toutes Cisco IOS et plus\npr\u00e9cis\u00e9ment PPTP, DLSw, IPv6, MVPN et MPLS VPN.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco IOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 100893 du 26 mars 2008",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0537 (GCVE-0-2008-0537)

FKIE_CVE-2008-0537

GHSA-3X27-PVP2-3H6M

VAR-200803-0034

GSD-2008-0537

CERTA-2008-AVI-163

Description

Solution

CERTA-2008-AVI-163

Description

Solution

Tags

Sightings

Nomenclature