Details of VAR-200110-0004

ID

VAR-200110-0004

CVE

CVE-2001-1071

TITLE

Cisco IOS vulnerable to denial of service via Cisco Discovery Protocol

Trust: 0.8

sources: CERT/CC: VU#139491

DESCRIPTION

Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements. The Cisco IOS contains a denial-of-service vulnerability that allows nearby remote attackers to crash or temporarily disable affected network devices. CDP is implemented with some releases of the Cisco Internet Operating System. It is possible for a host on a local segment of network to cause a Cisco router to become unstable, and potentially stop routing traffic by generating large amounts of CDP traffic. This protocol can not be routed across routers to remote network segments. This could lead to the ceasing of operation of Cisco routers, and a denial of service

Trust: 1.98

sources: NVD: CVE-2001-1071 // CERT/CC: VU#139491 // BID: 3412 // VULHUB: VHN-3876

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.1	Trust: 1.9
vendor:	cisco	model:	ios	scope:	eq	version:	11.2	Trust: 1.9
vendor:	cisco	model:	ios	scope:	eq	version:	11.1	Trust: 1.9
vendor:	cisco	model:	ios	scope:	eq	version:	12.0\(5.1\)xp	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	11.3\(11\)b	Trust: 1.6
vendor:	cisco	model:	catos	scope:	eq	version:	4.5\(1\)	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.0\(19\)	Trust: 1.6
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.19	Trust: 0.3
vendor:	cisco	model:	ios b	scope:	eq	version:	11.3.11	Trust: 0.3
vendor:	cisco	model:	ios 12.0 xp	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	catos	scope:	ne	version:	4.5(1)	Trust: 0.3

sources: CERT/CC: VU#139491 // BID: 3412 // CNNVD: CNNVD-200110-033 // NVD: CVE-2001-1071

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1071
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#139491
value:	19.69
Trust: 0.8
CNNVD:	CNNVD-200110-033
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-3876
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-1071
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3876
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#139491 // VULHUB: VHN-3876 // CNNVD: CNNVD-200110-033 // NVD: CVE-2001-1071

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1071

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200110-033

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200110-033

EXTERNAL IDS

db:	CERT/CC	id:	VU#139491	Trust: 2.5
db:	BID	id:	3412	Trust: 2.0
db:	NVD	id:	CVE-2001-1071	Trust: 1.7
db:	OSVDB	id:	1969	Trust: 1.7
db:	BUGTRAQ	id:	20011009 CISCO SYSTEMS - VULNERABILITY IN CDP	Trust: 0.6
db:	BUGTRAQ	id:	20011009 CISCO CDP ATTACKS	Trust: 0.6
db:	XF	id:	7242	Trust: 0.6
db:	CNNVD	id:	CNNVD-200110-033	Trust: 0.6
db:	VULHUB	id:	VHN-3876	Trust: 0.1

sources: CERT/CC: VU#139491 // VULHUB: VHN-3876 // BID: 3412 // CNNVD: CNNVD-200110-033 // NVD: CVE-2001-1071

REFERENCES

url:	http://www.securityfocus.com/bid/3412	Trust: 2.7
url:	http://www.securityfocus.com/archive/1/219257	Trust: 2.7
url:	http://www.securityfocus.com/archive/1/219305	Trust: 2.7
url:	http://www.kb.cert.org/vuls/id/139491	Trust: 2.7
url:	http://www.osvdb.org/1969	Trust: 2.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/7242	Trust: 2.1
url:	http://www.phenoelit.de/irpas/	Trust: 0.8
url:	http://www.phenoelit.de/stuff/ciscocdp.txt	Trust: 0.8
url:	http://www.securityfocus.com/archive/82/83299	Trust: 0.8
url:	http://xforce.iss.net/static/7242.php	Trust: 0.6

sources: CERT/CC: VU#139491 // VULHUB: VHN-3876 // CNNVD: CNNVD-200110-033 // NVD: CVE-2001-1071

CREDITS

This vulnerability was discovered by FX <fx@phenoelit.de>, and announced via Bugtraq on October 9, 2001.

Trust: 0.3

sources: BID: 3412

SOURCES

db:	CERT/CC	id:	VU#139491
db:	VULHUB	id:	VHN-3876
db:	BID	id:	3412
db:	CNNVD	id:	CNNVD-200110-033
db:	NVD	id:	CVE-2001-1071

LAST UPDATE DATE

2024-11-22T22:58:43.705000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#139491	date:	2001-10-11T00:00:00
db:	VULHUB	id:	VHN-3876	date:	2017-10-10T00:00:00
db:	BID	id:	3412	date:	2001-10-09T00:00:00
db:	CNNVD	id:	CNNVD-200110-033	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2001-1071	date:	2024-11-20T23:36:48.273

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#139491	date:	2001-10-10T00:00:00
db:	VULHUB	id:	VHN-3876	date:	2001-10-09T00:00:00
db:	BID	id:	3412	date:	2001-10-09T00:00:00
db:	CNNVD	id:	CNNVD-200110-033	date:	2001-10-09T00:00:00
db:	NVD	id:	CVE-2001-1071	date:	2001-10-09T04:00:00