var-200604-0324
Vulnerability from variot
Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531. Cisco IOS XR The denial of service (DoS) There is a vulnerability that can be exploited.Denial of service by third party (DoS) May be in a state. A successful attack results in a denial-of-service condition for traffic that is being switched on an affected Modular Services Card (MSC) or line card. A sustained denial-of-service condition can also arise from repeated attacks. Cisco IOS XR Software, a member of the Cisco IOS Software family, uses a microkernel-based distributed operating system infrastructure. Cisco IOS XR runs on Cisco CRS-1 and Cisco 12000 series routers. MPLS packets are forwarded through the MPLS network, so the packets that trigger this vulnerability can be sent from remote systems in the MPLS network. Such packets cannot be received on interfaces that are not configured with MPLS.
Successful exploitation requires that MPLS has been configured on the network device.
SOLUTION: Apply patches (see patch matrix in vendor advisory).
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20060419-xr.shtml
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200604-0324",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios xr",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.2.50"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.2.4"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.2.3"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.2.2"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.2.1"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.0.1"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.1.0"
},
{
"model": "ios xr",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios xr for prp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2.3"
},
{
"model": "ios xr for crs-1",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2.3"
},
{
"model": "ios xr",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
}
],
"sources": [
{
"db": "BID",
"id": "17607"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003955"
},
{
"db": "NVD",
"id": "CVE-2006-1928"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-324"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.2.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.2.3:*:crs-1:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.2.3:*:prp:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1928"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Security bulletin",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-324"
}
],
"trust": 0.6
},
"cve": "CVE-2006-1928",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2006-1928",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-18036",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-1928",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200604-324",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-18036",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18036"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003955"
},
{
"db": "NVD",
"id": "CVE-2006-1928"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-324"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or \"MPLS packet handling problems\") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531. Cisco IOS XR The denial of service (DoS) There is a vulnerability that can be exploited.Denial of service by third party (DoS) May be in a state. \nA successful attack results in a denial-of-service condition for traffic that is being switched on an affected Modular Services Card (MSC) or line card. \nA sustained denial-of-service condition can also arise from repeated attacks. Cisco IOS XR Software, a member of the Cisco IOS Software family, uses a microkernel-based distributed operating system infrastructure. Cisco IOS XR runs on Cisco CRS-1 and Cisco 12000 series routers. MPLS packets are forwarded through the MPLS network, so the packets that trigger this vulnerability can be sent from remote systems in the MPLS network. Such packets cannot be received on interfaces that are not configured with MPLS. \n\nSuccessful exploitation requires that MPLS has been configured on the\nnetwork device. \n\nSOLUTION:\nApply patches (see patch matrix in vendor advisory). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20060419-xr.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1928"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003955"
},
{
"db": "BID",
"id": "17607"
},
{
"db": "VULHUB",
"id": "VHN-18036"
},
{
"db": "PACKETSTORM",
"id": "45608"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-1928",
"trust": 2.5
},
{
"db": "BID",
"id": "17607",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "19740",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "24811",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015964",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-1433",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003955",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200604-324",
"trust": 0.7
},
{
"db": "XF",
"id": "25881",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20060419 CISCO IOS XR MPLS VULNERABILITIES",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-18036",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "45608",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18036"
},
{
"db": "BID",
"id": "17607"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003955"
},
{
"db": "PACKETSTORM",
"id": "45608"
},
{
"db": "NVD",
"id": "CVE-2006-1928"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-324"
}
]
},
"id": "VAR-200604-0324",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-18036"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:40:11.178000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1928"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060419-xr.shtml"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/17607"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/24811"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015964"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/19740"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/1433"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25881"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1928"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-1928"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/25881"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/1433"
},
{
"trust": 0.3,
"url": "/archive/1/431359"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4907/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19740/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18036"
},
{
"db": "BID",
"id": "17607"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003955"
},
{
"db": "PACKETSTORM",
"id": "45608"
},
{
"db": "NVD",
"id": "CVE-2006-1928"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-324"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-18036"
},
{
"db": "BID",
"id": "17607"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003955"
},
{
"db": "PACKETSTORM",
"id": "45608"
},
{
"db": "NVD",
"id": "CVE-2006-1928"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-324"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-04-20T00:00:00",
"db": "VULHUB",
"id": "VHN-18036"
},
{
"date": "2006-04-19T00:00:00",
"db": "BID",
"id": "17607"
},
{
"date": "2014-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003955"
},
{
"date": "2006-04-25T22:06:23",
"db": "PACKETSTORM",
"id": "45608"
},
{
"date": "2006-04-20T18:06:00",
"db": "NVD",
"id": "CVE-2006-1928"
},
{
"date": "2006-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-324"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-18036"
},
{
"date": "2006-04-19T23:11:00",
"db": "BID",
"id": "17607"
},
{
"date": "2014-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003955"
},
{
"date": "2017-07-20T01:31:01.803000",
"db": "NVD",
"id": "CVE-2006-1928"
},
{
"date": "2006-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-324"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-324"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS XR MPLS Denial of Service Vulnerability",
"sources": [
{
"db": "BID",
"id": "17607"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-324"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-324"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.