CVE-2007-0918

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 14-02-2007 03:28

Last modified: - 02-06-2022 07:09

Total changes: - 2

Description

The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:N/I:N/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

7.1

Base score

8.6

6.9

Exploitability score

Impact score

Verification logic

vendor=cisco AND product=ios AND version=12.3ym

vendor=cisco AND product=ios AND version=12.3yq

vendor=cisco AND product=ios AND version=12.3xr

vendor=cisco AND product=ios AND version=12.4t

vendor=cisco AND product=ios AND version=12.3ya

vendor=cisco AND product=ios AND version=12.3xs

vendor=cisco AND product=ios AND version=12.3xw

vendor=cisco AND product=ios AND version=12.4mr

vendor=cisco AND product=ios AND version=12.3yj

vendor=cisco AND product=ios AND version=12.3t

vendor=cisco AND product=ios AND version=12.3yi

vendor=cisco AND product=ios AND version=12.3xq

vendor=cisco AND product=ios AND version=12.3xx

vendor=cisco AND product=ios AND version=12.3xy

vendor=cisco AND product=ios AND version=12.3yd

vendor=cisco AND product=ios AND version=12.3yg

vendor=cisco AND product=ios AND version=12.3yh

vendor=cisco AND product=ios AND version=12.3yk

vendor=cisco AND product=ios AND version=12.3ys

vendor=cisco AND product=ios AND version=12.3yt

vendor=cisco AND product=ios AND version=12.3yx

vendor=cisco AND product=ios AND version=12.3yz

vendor=cisco AND product=ios AND version=12.4

vendor=cisco AND product=ios AND version=12.4xa

vendor=cisco AND product=ios AND version=12.4xb

Reference

20070213 Multiple IOS IPS Vulnerabilities-Vendor Advisory
1017631-Broken Link, Third Party Advisory, VDB Entry
http://www.cisco.com/en/US/products/products_security_response09186a00807e0a5e.html
22549-Third Party Advisory, VDB Entry
24142-Third Party Advisory
33053-Broken Link
ADV-2007-0597-Permissions Required, Third Party Advisory
cisco-ios-ips-dos(32474)-Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:5832-Broken Link

Keywords

CVE-2007-0918

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2007-0918

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures