ID

VAR-200512-0079


CVE

CVE-2005-4437


TITLE

Cisco EIGRP Protocol HELLO Packet Replay Vulnerability

Trust: 0.9

sources: BID: 15970 // CNNVD: CNNVD-200512-469

DESCRIPTION

MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.

This vulnerability information is a summary of multiple vulnerabilities released at the same time. Note that it includes vulnerability information other than what the title describes.

Cisco IOS implements EIGRP (Enhanced Interior Gateway Routing Protocol), a Cisco-proprietary extended distance vector routing protocol. The EIGRP implementation in Cisco IOS has several problems:

1) Goodbye messages, which notify adjacent devices when the routing process ends, are handled improperly. If a remote attacker sends a crafted Goodbye message, adjacency with the device may be lost.

2) The verification method for authenticated EIGRP packets is flawed: EIGRP packets containing an MD5 hash value can be eavesdropped and their hash values reused. If a remote attacker sends an EIGRP HELLO packet to the target device, information about the EIGRP domain may be obtained from the target device's response. Also, as with the issue in BID 6443, network bandwidth can be exhausted with ARP requests, eventually resulting in an unusable network.

Please refer to the "Overview" for the impact of this vulnerability.

This issue allows attackers to gain access to potentially sensitive network information in EIGRP UPDATE reply packets, or to cause a denial of service condition by flooding routers with HELLO packets. By utilizing replayed HELLO packets with MD5 enabled, attackers may cause a more severe denial of service condition.

The Cisco EIGRP protocol is susceptible to a remote denial of service vulnerability. This issue is possible when MD5 neighbor authentication is not in use. This issue allows attackers to cause routing relationships to be torn down, forcing them to be reestablished. The routing link will be unavailable during the time that the link is torn down, until it is reestablished. By repeating the attack, a sustained denial of network service is possible. This issue is being tracked by Cisco Bug ID CSCsc13698.

Trust: 2.25

sources: NVD: CVE-2005-4437 // JVNDB: JVNDB-2005-000747 // BID: 15970 // BID: 15978 // VULHUB: VHN-15645

AFFECTED PRODUCTS

vendor: extended interior gateway routing protocol // model: extended interior gateway routing protocol // scope: eq // version: 1.2

Trust: 1.6

vendor: cisco // model: ios // scope: eq // version: 12.0

Trust: 0.8

vendor: cisco // model: ios // scope: eq // version: 12.1

Trust: 0.8

vendor: cisco // model: ios // scope: eq // version: 12.2

Trust: 0.8

vendor: cisco // model: ios // scope: eq // version: 12.3

Trust: 0.8

vendor: cisco // model: ios // scope: eq // version: 12.4

Trust: 0.8

vendor: cisco // model: eigrp // scope: eq // version: 1.2

Trust: 0.6

sources: BID: 15970 // BID: 15978 // JVNDB: JVNDB-2005-000747 // CNNVD: CNNVD-200512-469 // NVD: CVE-2005-4437

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-4437
value: HIGH

Trust: 1.0

NVD: CVE-2005-4437
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200512-469
value: HIGH

Trust: 0.6

VULHUB: VHN-15645
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2005-4437
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-15645
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-15645 // JVNDB: JVNDB-2005-000747 // CNNVD: CNNVD-200512-469 // NVD: CVE-2005-4437

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-4437

THREAT TYPE

network

Trust: 0.6

sources: BID: 15970 // BID: 15978

TYPE

Design Error

Trust: 1.2

sources: BID: 15970 // BID: 15978 // CNNVD: CNNVD-200512-469

CONFIGURATIONS

sources: JVNDB: JVNDB-2005-000747

PATCH

title: cisco-response-20051220-eigrp // url: http://www.cisco.com/warp/public/707/cisco-response-20051220-eigrp.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2005-000747

EXTERNAL IDS

db: BID // id: 15970

Trust: 2.8

db: NVD // id: CVE-2005-4437

Trust: 2.5

db: SREASON // id: 274

Trust: 1.7

db: SECTRACK // id: 1015382

Trust: 1.7

db: VUPEN // id: ADV-2005-3008

Trust: 1.7

db: BID // id: 15978

Trust: 1.1

db: JVNDB // id: JVNDB-2005-000747

Trust: 0.8

db: CNNVD // id: CNNVD-200512-469

Trust: 0.7

db: FULLDISC // id: 20051220 RE: AUTHENTICATED EIGRP DOS / INFORMATION LEAK

Trust: 0.6

db: FULLDISC // id: 20051219 AUTHENTICATED EIGRP DOS / INFORMATION LEAK

Trust: 0.6

db: OVAL // id: OVAL:ORG.MITRE.OVAL:DEF:5741

Trust: 0.6

db: BUGTRAQ // id: 20051219 AUTHENTICATED EIGRP DOS / INFORMATION LEAK

Trust: 0.6

db: BUGTRAQ // id: 20051220 RE: UNAUTHENTICATED EIGRP DOS

Trust: 0.6

db: VULHUB // id: VHN-15645

Trust: 0.1

sources: VULHUB: VHN-15645 // BID: 15970 // BID: 15978 // JVNDB: JVNDB-2005-000747 // CNNVD: CNNVD-200512-469 // NVD: CVE-2005-4437

REFERENCES

url:http://www.securityfocus.com/bid/15970

Trust: 2.5

url:http://lists.grok.org.uk/pipermail/full-disclosure/2005-december/040332.html

Trust: 1.7

url:http://securitytracker.com/id?1015382

Trust: 1.7

url:http://securityreason.com/securityalert/274

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2005/3008

Trust: 1.4

url:http://www.securityfocus.com/archive/1/419830/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/419898/100/0/threaded

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5741

Trust: 1.1

url:http://www.vupen.com/english/advisories/2005/3008

Trust: 1.1

url:http://marc.info/?l=full-disclosure&m=113504451523186&w=2

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4437

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-4437

Trust: 0.8

url:http://www.securityfocus.com/bid/15978

Trust: 0.8

url:http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html

Trust: 0.6

url:http://www.cisco.com/public/sw-center/sw-ios.shtml

Trust: 0.6

url:/archive/1/419898

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/419898/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/419830/100/0/threaded

Trust: 0.6

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5741

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=full-disclosure&m=113504451523186&w=2

Trust: 0.6

url:/archive/1/419830

Trust: 0.3

url:http://marc.info/?l=full-disclosure&m=113504451523186&w=2

Trust: 0.1

sources: VULHUB: VHN-15645 // BID: 15970 // BID: 15978 // JVNDB: JVNDB-2005-000747 // CNNVD: CNNVD-200512-469 // NVD: CVE-2005-4437

CREDITS

Andrew A. Vladimirov <mlists@arhont.com>, Arhont Ltd disclosed this weakness.

Trust: 0.6

sources: CNNVD: CNNVD-200512-469

SOURCES

db: VULHUB // id: VHN-15645
db: BID // id: 15970
db: BID // id: 15978
db: JVNDB // id: JVNDB-2005-000747
db: CNNVD // id: CNNVD-200512-469
db: NVD // id: CVE-2005-4437

LAST UPDATE DATE

2024-08-14T14:48:13.932000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-15645 // date: 2018-10-19T00:00:00
db: BID // id: 15970 // date: 2005-12-19T00:00:00
db: BID // id: 15978 // date: 2005-12-19T00:00:00
db: JVNDB // id: JVNDB-2005-000747 // date: 2007-04-01T00:00:00
db: CNNVD // id: CNNVD-200512-469 // date: 2009-03-04T00:00:00
db: NVD // id: CVE-2005-4437 // date: 2018-10-19T15:40:56.863

SOURCES RELEASE DATE

db: VULHUB // id: VHN-15645 // date: 2005-12-21T00:00:00
db: BID // id: 15970 // date: 2005-12-19T00:00:00
db: BID // id: 15978 // date: 2005-12-19T00:00:00
db: JVNDB // id: JVNDB-2005-000747 // date: 2007-04-01T00:00:00
db: CNNVD // id: CNNVD-200512-469 // date: 2005-12-20T00:00:00
db: NVD // id: CVE-2005-4437 // date: 2005-12-21T01:03:00