CVE-2008-3803

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 26-09-2008 06:21

Last modified: - 02-06-2022 07:16

Total changes: - 2

Description

A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:H/Au:N/C:P/I:P/A:P

High

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

5.1

Base score

4.9

6.4

Exploitability score

Impact score

Verification logic

vendor=cisco AND product=ios AND version=12.0sz

vendor=cisco AND product=ios AND version=12.0s

vendor=cisco AND product=ios AND version=12.0sx

Reference

20080924 Cisco IOS MPLS VPN May Leak Information-Vendor Advisory
31990-Third Party Advisory
31366-Third Party Advisory, VDB Entry
ADV-2008-2670-Permissions Required
1020940-Broken Link, Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:5919-Third Party Advisory

Keywords

CVE-2008-3803

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2008-3803

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures