CVE-2007-0918

Sažetak

The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature.

Reference

http://www.cisco.com/en/US/products/products_security_advisory09186a00807e0a5b.shtml
http://www.securitytracker.com/id?1017631
http://www.cisco.com/en/US/products/products_security_response09186a00807e0a5e.html
http://www.securityfocus.com/bid/22549
http://secunia.com/advisories/24142
http://osvdb.org/33053
http://www.vupen.com/english/advisories/2007/0597
https://exchange.xforce.ibmcloud.com/vulnerabilities/32474
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5832

CVSS

Base:	7.1
Impact:	6.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

02-06-2022 - 17:09

Objavljeno

14-02-2007 - 02:28