Sign-up

ID

VAR-200312-0365


CVE

CVE-2003-1398


TITLE

Cisco IOS ICMP Redirect Routing Table Modification Vulnerability

Trust: 0.9

sources: BID: 6823 // CNNVD: CNNVD-200312-180

DESCRIPTION

Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). It has been reported that it is possible to make arbitrary remote modifications to the Cisco IOS routing table. ICMP redirect messages are normally sent to indicate inefficient routing, a new route or a routing change. An attacker may specify a default gateway on the local network that does not exist, thus denying service to the affected router for traffic destined to any location outside the local subnet. Internet Operating System (IOS) is an operating system used on CISCO routers. Another possibility is to advertise that the gateway is on a completely different subnet. If a device proxyes ARP requests for this fake gateway, all communications destined for external subnets will be forwarded to the fake gateway. And if there is no device acting as an ARP request agent for the fake gateway, the information described in the first case will be blocked. A final possibility is for a malicious user to insert the default gateway as the IP address of the attacker's machine, which could lead to interception of all communications

Trust: 1.26

sources: NVD: CVE-2003-1398 // BID: 6823 // VULHUB: VHN-8223

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:12.2

Trust: 1.9

vendor:ciscomodel:iosscope:eqversion:12.1

Trust: 1.9

vendor:ciscomodel:iosscope:eqversion:12.2s

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0st

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.1e

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0t

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.2t

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.2f

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.2e

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.1t

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0

Trust: 1.3

vendor:ciscomodel:iosscope:eqversion:12.0s

Trust: 1.0

vendor:ciscomodel:ios 12.2 tscope:neversion: -

Trust: 0.6

vendor:ciscomodel:ios 12.2 sscope:neversion: -

Trust: 0.6

vendor:ciscomodel:ios 12.0xuscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.3nascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2yhscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xmscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.2bcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xsscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xpscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xdscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ygscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.3dbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xwscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xwscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xuscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0wxscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xtscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xdscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1aascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xcscope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.1xx

Trust: 0.3

vendor:ciscomodel:ios 12.2tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xfscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xfscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xgscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1cxscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xmscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1yfscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.3aascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1dascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.2gsscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.3hascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xmscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2piscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xwscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1ydscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2pbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2mbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xgscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ydscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0wtscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.3tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xdscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2 bscope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 11.3mascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ycscope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.1xv

Trust: 0.3

vendor:ciscomodel:ios 12.2xascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2yfscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xrscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xhscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1yescope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xnscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xjscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1escope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.3

Trust: 0.3

vendor:ciscomodel:ios 12.0wcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1yiscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xkscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2bcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xrscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.10sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xlscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2dascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xiscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xiscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xsscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xhscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xqscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xqscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1dcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0slscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1ybscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xescope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.2pscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xnscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1ycscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.2sascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xpscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1ezscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xfscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xlscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1eascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2bscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xkscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2yascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xtscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.2fscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1dbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xqscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1yhscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1ecscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xhscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xyscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xkscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.2xascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xjscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xiscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1yascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2bxscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0spscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0dascope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0xv

Trust: 0.3

vendor:ciscomodel:ios 12.0scscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xgscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1exscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1eyscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xescope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0dbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xsscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xescope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xjscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0dcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ybscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xrscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xzscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ddscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0stscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xlscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.3dascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.3xascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0sxscope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:neversion:12.2(12.05)

Trust: 0.3

sources: BID: 6823 // CNNVD: CNNVD-200312-180 // NVD: CVE-2003-1398

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-1398
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200312-180
value: CRITICAL

Trust: 0.6

VULHUB: VHN-8223
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-1398
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-8223
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-8223 // CNNVD: CNNVD-200312-180 // NVD: CVE-2003-1398

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

sources: VULHUB: VHN-8223 // NVD: CVE-2003-1398

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-180

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200312-180

EXTERNAL IDS

db:BIDid:6823

Trust: 2.0

db:NVDid:CVE-2003-1398

Trust: 1.7

db:SECTRACKid:1006075

Trust: 1.7

db:CNNVDid:CNNVD-200312-180

Trust: 0.7

db:BUGTRAQid:20030211 FIELD NOTICE - IOS ACCEPTS ICMP REDIRECTS IN NON-DEFAULT CONFIGURATION SETTINGS

Trust: 0.6

db:XFid:11306

Trust: 0.6

db:NSFOCUSid:4381

Trust: 0.6

db:VULHUBid:VHN-8223

Trust: 0.1

sources: VULHUB: VHN-8223 // BID: 6823 // CNNVD: CNNVD-200312-180 // NVD: CVE-2003-1398

REFERENCES

url:http://www.securityfocus.com/bid/6823

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2003-02/0131.html

Trust: 1.7

url:http://securitytracker.com/id?1006075

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/11306

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/11306

Trust: 0.6

url:http://www.nsfocus.net/vulndb/4381

Trust: 0.6

url:http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html

Trust: 0.3

url:http://www.cisco.com/public/sw-center/sw-ios.shtml

Trust: 0.3

url:/archive/1/311336

Trust: 0.3

sources: VULHUB: VHN-8223 // BID: 6823 // CNNVD: CNNVD-200312-180 // NVD: CVE-2003-1398

CREDITS

Damir Rajnovicā€» gaus@cisco.com

Trust: 0.6

sources: CNNVD: CNNVD-200312-180

SOURCES

db:VULHUBid:VHN-8223
db:BIDid:6823
db:CNNVDid:CNNVD-200312-180
db:NVDid:CVE-2003-1398

LAST UPDATE DATE

2024-08-14T14:00:46.877000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-8223date:2017-07-29T00:00:00
db:BIDid:6823date:2003-02-11T00:00:00
db:CNNVDid:CNNVD-200312-180date:2003-12-31T00:00:00
db:NVDid:CVE-2003-1398date:2017-07-29T01:29:09.623

SOURCES RELEASE DATE

db:VULHUBid:VHN-8223date:2003-12-31T00:00:00
db:BIDid:6823date:2003-02-11T00:00:00
db:CNNVDid:CNNVD-200312-180date:2003-02-11T00:00:00
db:NVDid:CVE-2003-1398date:2003-12-31T05:00:00