Vulnerability CVE-2006-4650


Published: 2006-09-08   Modified: 2012-02-12

Description:
Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs.

See advisories in our WLB2 database:
Topic: Cisco IOS GRE issue (Low)
Author: FX (fx phenoelit...
Date: 12.09.2006

Type: CWE-Other

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVSS Base Score: 2.6/10
Impact Subscore: 2.9/10
Exploitability Subscore: 4.9/10

Exploit range: Remote
Attack complexity: High
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software: Cisco -> IOS

References:
http://securityreason.com/securityalert/1526
http://securitytracker.com/id?1016799
http://www.cisco.com/en/US/tech/tk827/tk369/tsd_technology_security_response09186a008072cd7b.html
http://www.phenoelit.de/stuff/CiscoGRE.txt
http://www.securityfocus.com/archive/1/445322/100/0/threaded
http://www.securityfocus.com/bid/19878
http://www.vupen.com/english/advisories/2006/3502
https://exchange.xforce.ibmcloud.com/vulnerabilities/28786
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5713

Copyright 2022, cxsecurity.com
