CVE-2005-4436 - Cisco EIGRP Protocol Unauthenticated Goodbye Packet Remote Denial Of Service Vulnerability

Publication

2005-12-21

Last modification

2018-10-19

Summary

Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV).

Risk level (CVSS AV:N/AC:L/Au:N/C:N/I:N/A:C)

High

7.8

Access Vector

  • Network

Access Complexity

  • Low

Authentication

  • None

Confidentiality Impact

  • None

Integrity Impact

  • None

Availability Impact

  • Complete

OVAL definition

{
    "accepted": "2008-09-08T04:00:24.411-04:00",
    "class": "vulnerability",
    "contributors": [
        {
            "name": "Yuzheng Zhou",
            "organization": "Hewlett-Packard"
        }
    ],
    "description": "Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a \"spoofed neighbor announcement\" with (1) mismatched k values or (2) \"goodbye message\" Type-Length-Value (TLV).",
    "family": "ios",
    "id": "oval:org.mitre.oval:def:5454",
    "status": "accepted",
    "submitted": "2008-05-26T11:06:36.000-04:00",
    "title": "Cisco \"EIGRP\" Protocol \"Goodbye Message\" Packet Replay Vulnerability",
    "version": "3"
}