Vulnerabilities > CVE-2008-3806 - Unspecified vulnerability in Cisco IOS
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
COMPLETE Summary
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3805.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 11 |
Nessus
| NASL family | CISCO |
| NASL id | CISCO-SA-20080924-IPCHTTP.NASL |
| description | Cisco 10000, uBR10012 and uBR7200 series devices use a User Datagram Protocol (UDP) based Inter-Process Communication (IPC) channel that is externally reachable. An attacker could exploit this vulnerability to cause a denial of service (DoS) condition on affected devices. No other platforms are affected. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 49020 |
| published | 2010-09-01 |
| reporter | This script is (C) 2010-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/49020 |
| title | Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability - Cisco Systems |
Oval
| accepted | 2010-06-28T04:00:11.844-04:00 | ||||
| class | vulnerability | ||||
| contributors |
| ||||
| description | Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3805. | ||||
| family | ios | ||||
| id | oval:org.mitre.oval:def:7123 | ||||
| status | accepted | ||||
| submitted | 2010-04-30T11:06:36.000-04:00 | ||||
| title | Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability | ||||
| version | 7 |
References
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014ae.shtml
- http://tools.cisco.com/security/center/viewAlert.x?alertId=16646
- http://secunia.com/advisories/31990
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45592
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7123