Details of VAR-200703-0085

ID

VAR-200703-0085

CVE

CVE-2007-1258

TITLE

Cisco IOS of MPLS Service disruption due to processing (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-000184

DESCRIPTION

Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet. According to Cisco Systems information, the affected systems are limited. For details, check the information provided by the vendor.Crafted by a third party MSPLS By processing the packet, a specific device may interfere with service operation (DoS) It may be in a state. Cisco Catalyst switches and routers are prone to multiple remote denial-of-service vulnerabilities because the device fails to handle exceptional conditions. An attacker can exploit these issues to restart the affected device. Repeated exploits may lead to denial-of-service conditions. IOS is prone to a denial-of-service vulnerability. The vulnerability is caused due to an unspecified error when processing MPLS packets and can be exploited to reload an affected system. http://www.cisco.com/warp/public/707/cisco-sa-20070228-mpls.shtml PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070228-mpls.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.34

sources: NVD: CVE-2007-1258 // JVNDB: JVNDB-2007-000184 // BID: 22750 // BID: 86587 // VULHUB: VHN-24620 // PACKETSTORM: 54748

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst 7600	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	catalyst 6000	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.2sxd	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.2sxf	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.2\(18\)sxf4	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.2sxb	Trust: 1.0
vendor:	cisco	model:	catalyst 6500	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.2sxa	Trust: 1.0
vendor:	cisco	model:	7600 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	catalyst 6000 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	catalyst 6500 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 0.8
vendor:	cisco	model:	catalyst	scope:	eq	version:	6500	Trust: 0.6
vendor:	cisco	model:	catalyst	scope:	eq	version:	60000	Trust: 0.6
vendor:	cisco	model:	catalyst	scope:	eq	version:	7600	Trust: 0.6
vendor:	cisco	model:	catalyst 6500	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 7600	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 6000	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2 sxf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sxf4	scope:	-	version:	-	Trust: 0.3

sources: BID: 22750 // BID: 86587 // JVNDB: JVNDB-2007-000184 // CNNVD: CNNVD-200703-117 // NVD: CVE-2007-1258

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-1258
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-1258
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200703-117
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-24620
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-1258
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2007-1258
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-24620
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-24620 // JVNDB: JVNDB-2007-000184 // CNNVD: CNNVD-200703-117 // NVD: CVE-2007-1258

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1258

THREAT TYPE

network

Trust: 0.6

sources: BID: 22750 // BID: 86587

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200703-117

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000184

PATCH

title:

cisco-sa-20070228-mpls

url:

http://www.cisco.com/warp/public/707/cisco-sa-20070228-mpls.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2007-000184

EXTERNAL IDS

db:	NVD	id:	CVE-2007-1258	Trust: 2.8
db:	SECTRACK	id:	1017709	Trust: 2.0
db:	SECUNIA	id:	24348	Trust: 1.8
db:	VUPEN	id:	ADV-2007-0782	Trust: 1.7
db:	OSVDB	id:	33067	Trust: 1.7
db:	BID	id:	22750	Trust: 1.1
db:	XF	id:	32748	Trust: 0.9
db:	JVNDB	id:	JVNDB-2007-000184	Trust: 0.8
db:	CNNVD	id:	CNNVD-200703-117	Trust: 0.7
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:5869	Trust: 0.6
db:	CISCO	id:	20070228 CISCO CATALYST 6000, 6500 AND CISCO 7600 SERIES MPLS PACKET VULNERABILITY	Trust: 0.6
db:	BID	id:	86587	Trust: 0.4
db:	VULHUB	id:	VHN-24620	Trust: 0.1
db:	PACKETSTORM	id:	54748	Trust: 0.1

sources: VULHUB: VHN-24620 // BID: 22750 // BID: 86587 // JVNDB: JVNDB-2007-000184 // PACKETSTORM: 54748 // CNNVD: CNNVD-200703-117 // NVD: CVE-2007-1258

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20070228-mpls.shtml	Trust: 2.4
url:	http://www.securitytracker.com/id?1017709	Trust: 2.0
url:	http://osvdb.org/33067	Trust: 1.7
url:	http://secunia.com/advisories/24348	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5869	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/0782	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/32748	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/32748	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1258	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-1258	Trust: 0.8
url:	http://www.securityfocus.com/bid/22750	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/0782	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5869	Trust: 0.6
url:	http://www.cisco.com/en/us/products/hw/switches/index.html	Trust: 0.3
url:	/archive/1/461545	Trust: 0.3
url:	http://secunia.com/advisories/24348/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/50/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/disassembling_og_reversing/	Trust: 0.1
url:	http://secunia.com/secunia_vacancies/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/182/	Trust: 0.1

sources: VULHUB: VHN-24620 // BID: 22750 // BID: 86587 // JVNDB: JVNDB-2007-000184 // PACKETSTORM: 54748 // CNNVD: CNNVD-200703-117 // NVD: CVE-2007-1258

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200703-117

SOURCES

db:	VULHUB	id:	VHN-24620
db:	BID	id:	22750
db:	BID	id:	86587
db:	JVNDB	id:	JVNDB-2007-000184
db:	PACKETSTORM	id:	54748
db:	CNNVD	id:	CNNVD-200703-117
db:	NVD	id:	CVE-2007-1258

LAST UPDATE DATE

2024-11-23T21:57:20.431000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-24620	date:	2017-10-11T00:00:00
db:	BID	id:	22750	date:	2007-03-01T01:35:00
db:	BID	id:	86587	date:	2007-03-03T00:00:00
db:	JVNDB	id:	JVNDB-2007-000184	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200703-117	date:	2009-03-16T00:00:00
db:	NVD	id:	CVE-2007-1258	date:	2024-11-21T00:27:53.733

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-24620	date:	2007-03-03T00:00:00
db:	BID	id:	22750	date:	2007-02-28T00:00:00
db:	BID	id:	86587	date:	2007-03-03T00:00:00
db:	JVNDB	id:	JVNDB-2007-000184	date:	2007-04-01T00:00:00
db:	PACKETSTORM	id:	54748	date:	2007-03-05T23:12:53
db:	CNNVD	id:	CNNVD-200703-117	date:	2007-02-28T00:00:00
db:	NVD	id:	CVE-2007-1258	date:	2007-03-03T20:19:00