Details of VAR-200604-0324

ID

VAR-200604-0324

CVE

CVE-2006-1928

TITLE

Cisco IOS XR MPLS Denial of Service Vulnerability

Trust: 0.9

sources: BID: 17607 // CNNVD: CNNVD-200604-324

DESCRIPTION

Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531. Cisco IOS XR The denial of service (DoS) There is a vulnerability that can be exploited.Denial of service by third party (DoS) May be in a state. A successful attack results in a denial-of-service condition for traffic that is being switched on an affected Modular Services Card (MSC) or line card. A sustained denial-of-service condition can also arise from repeated attacks. Cisco IOS XR Software, a member of the Cisco IOS Software family, uses a microkernel-based distributed operating system infrastructure. Cisco IOS XR runs on Cisco CRS-1 and Cisco 12000 series routers. MPLS packets are forwarded through the MPLS network, so the packets that trigger this vulnerability can be sent from remote systems in the MPLS network. Such packets cannot be received on interfaces that are not configured with MPLS. Successful exploitation requires that MPLS has been configured on the network device. SOLUTION: Apply patches (see patch matrix in vendor advisory). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20060419-xr.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-1928 // JVNDB: JVNDB-2006-003955 // BID: 17607 // VULHUB: VHN-18036 // PACKETSTORM: 45608

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2.50	Trust: 1.9
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2.4	Trust: 1.9
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2.3	Trust: 1.9
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2.2	Trust: 1.9
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2.1	Trust: 1.9
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2	Trust: 1.9
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.1.0	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.0.1	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xr for prp	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	cisco	model:	ios xr for crs-1	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	ne	version:	3.3	Trust: 0.3

sources: BID: 17607 // JVNDB: JVNDB-2006-003955 // CNNVD: CNNVD-200604-324 // NVD: CVE-2006-1928

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-1928
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2006-1928
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200604-324
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-18036
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-1928
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-18036
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-18036 // JVNDB: JVNDB-2006-003955 // CNNVD: CNNVD-200604-324 // NVD: CVE-2006-1928

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-1928

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200604-324

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200604-324

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-003955

EXTERNAL IDS

db:	NVD	id:	CVE-2006-1928	Trust: 2.5
db:	BID	id:	17607	Trust: 2.0
db:	SECUNIA	id:	19740	Trust: 1.8
db:	OSVDB	id:	24811	Trust: 1.7
db:	SECTRACK	id:	1015964	Trust: 1.7
db:	VUPEN	id:	ADV-2006-1433	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-003955	Trust: 0.8
db:	CNNVD	id:	CNNVD-200604-324	Trust: 0.7
db:	XF	id:	25881	Trust: 0.6
db:	CISCO	id:	20060419 CISCO IOS XR MPLS VULNERABILITIES	Trust: 0.6
db:	VULHUB	id:	VHN-18036	Trust: 0.1
db:	PACKETSTORM	id:	45608	Trust: 0.1

sources: VULHUB: VHN-18036 // BID: 17607 // JVNDB: JVNDB-2006-003955 // PACKETSTORM: 45608 // CNNVD: CNNVD-200604-324 // NVD: CVE-2006-1928

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20060419-xr.shtml	Trust: 1.8
url:	http://www.securityfocus.com/bid/17607	Trust: 1.7
url:	http://www.osvdb.org/24811	Trust: 1.7
url:	http://securitytracker.com/id?1015964	Trust: 1.7
url:	http://secunia.com/advisories/19740	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/1433	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/25881	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1928	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-1928	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/25881	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/1433	Trust: 0.6
url:	/archive/1/431359	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/4907/	Trust: 0.1
url:	http://secunia.com/advisories/19740/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-18036 // BID: 17607 // JVNDB: JVNDB-2006-003955 // PACKETSTORM: 45608 // CNNVD: CNNVD-200604-324 // NVD: CVE-2006-1928

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200604-324

SOURCES

db:	VULHUB	id:	VHN-18036
db:	BID	id:	17607
db:	JVNDB	id:	JVNDB-2006-003955
db:	PACKETSTORM	id:	45608
db:	CNNVD	id:	CNNVD-200604-324
db:	NVD	id:	CVE-2006-1928

LAST UPDATE DATE

2024-08-14T14:22:45.157000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-18036	date:	2017-07-20T00:00:00
db:	BID	id:	17607	date:	2006-04-19T23:11:00
db:	JVNDB	id:	JVNDB-2006-003955	date:	2014-03-11T00:00:00
db:	CNNVD	id:	CNNVD-200604-324	date:	2006-04-24T00:00:00
db:	NVD	id:	CVE-2006-1928	date:	2017-07-20T01:31:01.803

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-18036	date:	2006-04-20T00:00:00
db:	BID	id:	17607	date:	2006-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2006-003955	date:	2014-03-11T00:00:00
db:	PACKETSTORM	id:	45608	date:	2006-04-25T22:06:23
db:	CNNVD	id:	CNNVD-200604-324	date:	2006-04-20T00:00:00
db:	NVD	id:	CVE-2006-1928	date:	2006-04-20T18:06:00