cvelistv5 - cve-2008-2169

CVE-2008-2169 (GCVE-0-2008-2169)

Vulnerability from cvelistv5 – Published: 2008-05-13 22:00 – Updated: 2025-04-03 13:50

Summary

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/28999	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/929656	third-party-advisoryx_refsource_CERT-VN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:49:58.585Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28999",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28999"
          },
          {
            "name": "VU#929656",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/929656"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2008-2169",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-03T13:49:41.661855Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "CWE-20 Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T13:50:33.094Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-05-13T22:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28999",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28999"
        },
        {
          "name": "VU#929656",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/929656"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2169",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28999",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28999"
            },
            {
              "name": "VU#929656",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/929656"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2169",
    "datePublished": "2008-05-13T22:00:00.000Z",
    "dateReserved": "2008-05-13T00:00:00.000Z",
    "dateUpdated": "2025-04-03T13:50:33.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:avici:router:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E16ECB5C-6C62-4EAB-B134-67E2FFB164A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:hitachi:gr2000:1b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22F02BA5-0229-44CC-99D7-FF31CA9C663A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:hitachi:gr2000:2b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D6C86A9-6415-4A3A-A55F-183613580279\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:hitachi:gr2000:2b\\\\+:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECCC842D-D459-4049-A096-1900DD621A20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:hitachi:gr2000:bh:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8670F404-9160-44E3-AF45-28ADB750388B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:hitachi:gr3000:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BE18FB6-E292-47B2-8FA2-74EE122C2B02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:hitachi:gr4000:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D377F14F-44AE-4D74-8C14-BA73AC77FDB7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en los routers Avici, permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (sesi\\u00f3n ca\\u00edda) a trav\\u00e9s de mensajes BGP UPDATE manipulados, provocando cambio continuo de ruta (route flapping), posiblemente sea un problema relacionado con la CVE-2007-6372.\"}]",
      "id": "CVE-2008-2169",
      "lastModified": "2024-11-21T00:46:14.550",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-05-13T22:20:00.000",
      "references": "[{\"url\": \"http://www.kb.cert.org/vuls/id/929656\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/28999\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/929656\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/28999\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}, {\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-2169\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-05-13T22:20:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en los routers Avici, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (sesi\u00f3n ca\u00edda) a trav\u00e9s de mensajes BGP UPDATE manipulados, provocando cambio continuo de ruta (route flapping), posiblemente sea un problema relacionado con la CVE-2007-6372.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:avici:router:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E16ECB5C-6C62-4EAB-B134-67E2FFB164A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:hitachi:gr2000:1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22F02BA5-0229-44CC-99D7-FF31CA9C663A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:hitachi:gr2000:2b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D6C86A9-6415-4A3A-A55F-183613580279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:hitachi:gr2000:2b\\\\+:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECCC842D-D459-4049-A096-1900DD621A20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:hitachi:gr2000:bh:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8670F404-9160-44E3-AF45-28ADB750388B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:hitachi:gr3000:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BE18FB6-E292-47B2-8FA2-74EE122C2B02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:hitachi:gr4000:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D377F14F-44AE-4D74-8C14-BA73AC77FDB7\"}]}]}],\"references\":[{\"url\":\"http://www.kb.cert.org/vuls/id/929656\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/28999\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/929656\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/28999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/28999\", \"name\": \"28999\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/929656\", \"name\": \"VU#929656\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T08:49:58.585Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2008-2169\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-03T13:49:41.661855Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-03T13:50:19.248Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"http://www.securityfocus.com/bid/28999\", \"name\": \"28999\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/929656\", \"name\": \"VU#929656\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2008-05-13T22:00:00.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.securityfocus.com/bid/28999\", \"name\": \"28999\", \"refsource\": \"BID\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/929656\", \"name\": \"VU#929656\", \"refsource\": \"CERT-VN\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2008-2169\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2008-2169\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-03T13:50:33.094Z\", \"dateReserved\": \"2008-05-13T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2008-05-13T22:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2008-2169

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-2169

Aliases

CVE-2008-2169

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2169",
    "description": "Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.",
    "id": "GSD-2008-2169"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2169"
      ],
      "details": "Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.",
      "id": "GSD-2008-2169",
      "modified": "2023-12-13T01:23:00.952429Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-2169",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "28999",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28999"
          },
          {
            "name": "VU#929656",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/929656"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:hitachi:gr4000:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avici:router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hitachi:gr2000:1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hitachi:gr2000:2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hitachi:gr2000:bh:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hitachi:gr2000:2b\\+:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hitachi:gr3000:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2169"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                },
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#929656",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/929656"
            },
            {
              "name": "28999",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/28999"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2008-09-05T04:00Z",
      "publishedDate": "2008-05-13T22:20Z"
    }
  }
}

FKIE_CVE-2008-2169

Vulnerability from fkie_nvd - Published: 2008-05-13 22:20 - Updated: 2025-04-09 00:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://www.kb.cert.org/vuls/id/929656	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/28999
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/929656	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28999

Impacted products

Vendor	Product	Version
avici	router	*
hitachi	gr2000	1b
hitachi	gr2000	2b
hitachi	gr2000	2b\+
hitachi	gr2000	bh
hitachi	gr3000	*
hitachi	gr4000	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:avici:router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E16ECB5C-6C62-4EAB-B134-67E2FFB164A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hitachi:gr2000:1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "22F02BA5-0229-44CC-99D7-FF31CA9C663A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hitachi:gr2000:2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D6C86A9-6415-4A3A-A55F-183613580279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hitachi:gr2000:2b\\+:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECCC842D-D459-4049-A096-1900DD621A20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hitachi:gr2000:bh:*:*:*:*:*:*:*",
              "matchCriteriaId": "8670F404-9160-44E3-AF45-28ADB750388B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hitachi:gr3000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE18FB6-E292-47B2-8FA2-74EE122C2B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hitachi:gr4000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D377F14F-44AE-4D74-8C14-BA73AC77FDB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en los routers Avici, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (sesi\u00f3n ca\u00edda) a trav\u00e9s de mensajes BGP UPDATE manipulados, provocando cambio continuo de ruta (route flapping), posiblemente sea un problema relacionado con la CVE-2007-6372."
    }
  ],
  "id": "CVE-2008-2169",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2008-05-13T22:20:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/929656"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/929656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28999"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

VAR-200805-0296

Vulnerability from variot - Updated: 2023-12-18 12:39

Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. Avici Router In the case of route flapping, service disruption ( Session destruction ) There is a vulnerability that becomes a condition. Multiple vendors' BGP implementations are prone to a remote denial-of-service vulnerability that arises when the software handles specially crafted BGP packets. It has been assigned its own record because details regarding what technologies are vulnerable and how the various vendors have implemented BGP are not currently available. As more information emerges, we will create individual records to further document the vulnerability for the various vulnerable technologies. AlaxalA Networks AX series and Hitachi GR series are reported vulnerable to this issue. Unspecified technologies from Avici Systems, Inc., Century Systems Inc., and Yamaha Corporation are also reported vulnerable. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. There is a loophole in the implementation of the BGP protocol in JUNOS, and a remote attacker may take advantage of this loophole. ----------------------------------------------------------------------

Secunia Network Software Inspector 2.0 (NSI) - Public Beta

The Public Beta has ended. Thanks to all that participated.

Learn more: http://secunia.com/network_software_inspector_2/

TITLE: ALAXALA Networks AX Series BGP UPDATE Message Processing Denial of Service

SECUNIA ADVISORY ID: SA30054

VERIFY ADVISORY: http://secunia.com/advisories/30054/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE:

From remote

OPERATING SYSTEM: ALAXALA Networks AX7800S Series http://secunia.com/product/5125/ ALAXALA Networks AX7800R Series http://secunia.com/product/5124/ ALAXALA Networks AX7700R http://secunia.com/product/11176/ ALAXALA Networks AX5400S Series http://secunia.com/product/5126/ ALAXALA Networks AX3600S Series http://secunia.com/product/11174/ ALAXALA Networks AX2400S Series http://secunia.com/product/11175/ ALAXALA Networks AX2000R Series http://secunia.com/product/11177/

DESCRIPTION: A vulnerability has been reported in ALAXALA Networks AX series, which can be exploited by malicious people to cause a DoS (Denial of Service).

SOLUTION: Restrict network access on affected systems.

PROVIDED AND/OR DISCOVERED BY: Reported via US-CERT.

ORIGINAL ADVISORY: US-CERT VU#929656: http://www.kb.cert.org/vuls/id/929656

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200805-0296",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "router",
        "scope": null,
        "trust": 1.4,
        "vendor": "avici",
        "version": null
      },
      {
        "model": "gr2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "1b"
      },
      {
        "model": "router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avici",
        "version": "*"
      },
      {
        "model": "gr2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "2b\\+"
      },
      {
        "model": "gr2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "bh"
      },
      {
        "model": "gr3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "gr4000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "gr2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "2b"
      },
      {
        "model": "gr4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "gr3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "gr2000-bh",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "gr2000-2b+",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "gr2000-2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "gr2000-1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "alaxala ax",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "networks ax7800s",
        "scope": null,
        "trust": 0.3,
        "vendor": "alaxala",
        "version": null
      },
      {
        "model": "networks ax7800r",
        "scope": null,
        "trust": 0.3,
        "vendor": "alaxala",
        "version": null
      },
      {
        "model": "networks ax7700r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alaxala",
        "version": "0"
      },
      {
        "model": "networks ax5400s",
        "scope": null,
        "trust": 0.3,
        "vendor": "alaxala",
        "version": null
      },
      {
        "model": "networks ax3600s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alaxala",
        "version": "0"
      },
      {
        "model": "networks ax2400s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alaxala",
        "version": "0"
      },
      {
        "model": "networks ax2000r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alaxala",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "28999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003046"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2169"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-124"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:hitachi:gr4000:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avici:router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hitachi:gr2000:1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hitachi:gr2000:2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hitachi:gr2000:bh:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hitachi:gr2000:2b\\+:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hitachi:gr3000:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-2169"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper Networks",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-124"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-2169",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2008-2169",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-32294",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-2169",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200805-124",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-32294",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003046"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2169"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-124"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. Avici Router In the case of route flapping, service disruption ( Session destruction ) There is a vulnerability that becomes a condition. Multiple vendors\u0027 BGP implementations are prone to a remote denial-of-service vulnerability that arises when the software handles specially crafted BGP packets. It has been assigned its own record because details regarding what technologies are vulnerable and how the various vendors have implemented BGP are not currently available. As more information emerges, we will create individual records to further document the vulnerability for the various vulnerable technologies. \nAlaxalA Networks AX series and Hitachi GR series are reported vulnerable to this issue. Unspecified technologies from Avici Systems, Inc., Century Systems Inc., and Yamaha Corporation are also reported vulnerable. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company\u0027s hardware system. The operating system provides a secure programming interface and Junos SDK. There is a loophole in the implementation of the BGP protocol in JUNOS, and a remote attacker may take advantage of this loophole. ----------------------------------------------------------------------\n\nSecunia Network Software Inspector 2.0 (NSI) - Public Beta\n\nThe Public Beta has ended. Thanks to all that participated. \n\nLearn more:\nhttp://secunia.com/network_software_inspector_2/\n\n----------------------------------------------------------------------\n\nTITLE:\nALAXALA Networks AX Series BGP UPDATE Message Processing Denial of\nService\n\nSECUNIA ADVISORY ID:\nSA30054\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/30054/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nALAXALA Networks AX7800S Series\nhttp://secunia.com/product/5125/\nALAXALA Networks AX7800R Series\nhttp://secunia.com/product/5124/\nALAXALA Networks AX7700R\nhttp://secunia.com/product/11176/\nALAXALA Networks AX5400S Series\nhttp://secunia.com/product/5126/\nALAXALA Networks AX3600S Series\nhttp://secunia.com/product/11174/\nALAXALA Networks AX2400S Series\nhttp://secunia.com/product/11175/\nALAXALA Networks AX2000R Series\nhttp://secunia.com/product/11177/\n\nDESCRIPTION:\nA vulnerability has been reported in ALAXALA Networks AX series,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService). \n\nSOLUTION:\nRestrict network access on affected systems. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported via US-CERT. \n\nORIGINAL ADVISORY:\nUS-CERT VU#929656:\nhttp://www.kb.cert.org/vuls/id/929656\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-2169"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003046"
      },
      {
        "db": "BID",
        "id": "28999"
      },
      {
        "db": "VULHUB",
        "id": "VHN-32294"
      },
      {
        "db": "PACKETSTORM",
        "id": "66123"
      },
      {
        "db": "PACKETSTORM",
        "id": "66130"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#929656",
        "trust": 3.0
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2169",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "28999",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003046",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-124",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "30054",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "30028",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-32294",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "66123",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "66130",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32294"
      },
      {
        "db": "BID",
        "id": "28999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003046"
      },
      {
        "db": "PACKETSTORM",
        "id": "66123"
      },
      {
        "db": "PACKETSTORM",
        "id": "66130"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2169"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-124"
      }
    ]
  },
  "id": "VAR-200805-0296",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32294"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:39:34.934000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003046"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2169"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "http://www.kb.cert.org/vuls/id/929656"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/28999"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2169"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2169"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/network_software_inspector_2/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5126/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/11176/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/11174/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/11177/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30054/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5125/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/11175/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5124/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30028/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5131/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5129/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32294"
      },
      {
        "db": "BID",
        "id": "28999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003046"
      },
      {
        "db": "PACKETSTORM",
        "id": "66123"
      },
      {
        "db": "PACKETSTORM",
        "id": "66130"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2169"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-124"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-32294"
      },
      {
        "db": "BID",
        "id": "28999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003046"
      },
      {
        "db": "PACKETSTORM",
        "id": "66123"
      },
      {
        "db": "PACKETSTORM",
        "id": "66130"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2169"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-124"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-05-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-32294"
      },
      {
        "date": "2008-05-01T00:00:00",
        "db": "BID",
        "id": "28999"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-003046"
      },
      {
        "date": "2008-05-08T17:30:50",
        "db": "PACKETSTORM",
        "id": "66123"
      },
      {
        "date": "2008-05-08T17:30:50",
        "db": "PACKETSTORM",
        "id": "66130"
      },
      {
        "date": "2008-05-13T22:20:00",
        "db": "NVD",
        "id": "CVE-2008-2169"
      },
      {
        "date": "2007-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200805-124"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-32294"
      },
      {
        "date": "2016-07-06T14:17:00",
        "db": "BID",
        "id": "28999"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-003046"
      },
      {
        "date": "2008-09-05T04:00:00",
        "db": "NVD",
        "id": "CVE-2008-2169"
      },
      {
        "date": "2008-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200805-124"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-124"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Avici Service disruption in routers  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003046"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-124"
      }
    ],
    "trust": 0.6
  }
}

GHSA-W9J8-C5HV-CRC7

Vulnerability from github – Published: 2022-05-01 23:47 – Updated: 2025-04-03 15:30

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2169"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-05-13T22:20:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.",
  "id": "GHSA-w9j8-c5hv-crc7",
  "modified": "2025-04-03T15:30:41Z",
  "published": "2022-05-01T23:47:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2169"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/929656"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28999"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-2169 (GCVE-0-2008-2169)

GSD-2008-2169

FKIE_CVE-2008-2169

VAR-200805-0296

GHSA-W9J8-C5HV-CRC7

Tags

Sightings

Nomenclature