Vulnerability CVE-2010-4670
Published: 2011-01-07   Modified: 2012-02-13

Description:
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526.

Type:

CWE-399

 (Resource Management Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Cisco -> Adaptive security appliance software 
Cisco -> 5500 series adaptive security appliance 
Cisco -> Asa 5500 
Cisco -> Pix security appliance 

 References:
http://xforce.iss.net/xforce/xfdb/64598
http://www.youtube.com/watch?v=00yjWB6gGy8
http://www.securitytracker.com/id?1024963
http://www.securityfocus.com/bid/45760
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf
http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4
http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3
http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html
Copyright 2024, cxsecurity.com

 

Back to Top