Sign-up

ID

VAR-200604-0323


CVE

CVE-2006-1927


TITLE

Cisco IOS XR MPLS Denial of Service Vulnerability

Trust: 0.9

sources: BID: 17607 // CNNVD: CNNVD-200604-321

DESCRIPTION

Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco bug ID CSCsc77475. Cisco IOS XR There is a service disruption (Line Card crash ) There are vulnerabilities that are put into a state.Service disruption by a third party (Line Card crash ) There is a possibility of being put into a state. A successful attack results in a denial-of-service condition for traffic that is being switched on an affected Modular Services Card (MSC) or line card. A sustained denial-of-service condition can also arise from repeated attacks. Cisco IOS XR Software, a member of the Cisco IOS Software family, uses a microkernel-based distributed operating system infrastructure. Cisco IOS XR runs on Cisco CRS-1 and Cisco 12000 series routers. MPLS packets are forwarded through the MPLS network, so the packets that trigger this vulnerability can be sent from remote systems in the MPLS network. Such packets cannot be received on interfaces that are not configured with MPLS. Successful exploitation requires that MPLS has been configured on the network device. SOLUTION: Apply patches (see patch matrix in vendor advisory). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20060419-xr.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-1927 // JVNDB: JVNDB-2006-003954 // BID: 17607 // VULHUB: VHN-18035 // PACKETSTORM: 45608

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:eqversion:3.2.50

Trust: 1.9

vendor:ciscomodel:ios xrscope:eqversion:3.2.4

Trust: 1.9

vendor:ciscomodel:ios xrscope:eqversion:3.2.3

Trust: 1.9

vendor:ciscomodel:ios xrscope:eqversion:3.2.2

Trust: 1.9

vendor:ciscomodel:ios xrscope:eqversion:3.2.1

Trust: 1.9

vendor:ciscomodel:ios xrscope:eqversion:3.2

Trust: 1.9

vendor:ciscomodel:ios xrscope:eqversion:3.1.0

Trust: 1.6

vendor:ciscomodel:ios xrscope:eqversion:3.0.1

Trust: 1.6

vendor:ciscomodel:ios xrscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xr for prpscope:eqversion:3.2.3

Trust: 0.3

vendor:ciscomodel:ios xr for crs-1scope:eqversion:3.2.3

Trust: 0.3

vendor:ciscomodel:ios xrscope:neversion:3.3

Trust: 0.3

sources: BID: 17607 // JVNDB: JVNDB-2006-003954 // CNNVD: CNNVD-200604-321 // NVD: CVE-2006-1927

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-1927
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-1927
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200604-321
value: MEDIUM

Trust: 0.6

VULHUB: VHN-18035
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-1927
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-18035
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-18035 // JVNDB: JVNDB-2006-003954 // CNNVD: CNNVD-200604-321 // NVD: CVE-2006-1927

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-1927

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200604-321

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200604-321

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-003954

EXTERNAL IDS
db:NVDid:CVE-2006-1927
Trust: 2.5
db:BIDid:17607
Trust: 2.0
db:SECUNIAid:19740
Trust: 1.8
db:SECTRACKid:1015964
Trust: 1.7
db:VUPENid:ADV-2006-1433
Trust: 1.7
db:JVNDBid:JVNDB-2006-003954
Trust: 0.8
db:CNNVDid:CNNVD-200604-321
Trust: 0.7
db:XFid:25881
Trust: 0.6
db:CISCOid:20060419 CISCO IOS XR MPLS VULNERABILITIES
Trust: 0.6
db:VULHUBid:VHN-18035
Trust: 0.1
db:PACKETSTORMid:45608
Trust: 0.1
sources:
            
            
            VULHUB: VHN-18035 // 
            
            
            
            BID: 17607 // 
            
            
            
            JVNDB: JVNDB-2006-003954 // 
            
            
            
            PACKETSTORM: 45608 // 
            
            
            
            CNNVD: CNNVD-200604-321 // 
            
            
            
            NVD: CVE-2006-1927

REFERENCES
url:http://www.cisco.com/warp/public/707/cisco-sa-20060419-xr.shtml
Trust: 1.8
url:http://www.securityfocus.com/bid/17607
Trust: 1.7
url:http://securitytracker.com/id?1015964
Trust: 1.7
url:http://secunia.com/advisories/19740
Trust: 1.7
url:http://www.vupen.com/english/advisories/2006/1433
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/25881
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1927
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-1927
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/25881
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2006/1433
Trust: 0.6
url:/archive/1/431359
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/4907/
Trust: 0.1
url:http://secunia.com/advisories/19740/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-18035 // 
            
            
            
            BID: 17607 // 
            
            
            
            JVNDB: JVNDB-2006-003954 // 
            
            
            
            PACKETSTORM: 45608 // 
            
            
            
            CNNVD: CNNVD-200604-321 // 
            
            
            
            NVD: CVE-2006-1927

CREDITS
Cisco Security bulletin
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200604-321

SOURCES
db:VULHUBid:VHN-18035
db:BIDid:17607
db:JVNDBid:JVNDB-2006-003954
db:PACKETSTORMid:45608
db:CNNVDid:CNNVD-200604-321
db:NVDid:CVE-2006-1927

LAST UPDATE DATE
2024-08-14T14:22:45.120000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-18035date:2017-07-20T00:00:00
db:BIDid:17607date:2006-04-19T23:11:00
db:JVNDBid:JVNDB-2006-003954date:2014-03-11T00:00:00
db:CNNVDid:CNNVD-200604-321date:2006-04-24T00:00:00
db:NVDid:CVE-2006-1927date:2017-07-20T01:31:01.723

SOURCES RELEASE DATE
db:VULHUBid:VHN-18035date:2006-04-20T00:00:00
db:BIDid:17607date:2006-04-19T00:00:00
db:JVNDBid:JVNDB-2006-003954date:2014-03-11T00:00:00
db:PACKETSTORMid:45608date:2006-04-25T22:06:23
db:CNNVDid:CNNVD-200604-321date:2006-04-20T00:00:00
db:NVDid:CVE-2006-1927date:2006-04-20T18:06:00