CVE-2005-2451 — Code Injection in Cisco IOS

CWE-94 — Code Injection6 documents5 sources

Severity

2.1LOWNVD

EPSS

3.5%

top 12.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS Cisco IOS XR

Timeline

PublishedAug 3

Latest updateMay 1

Description

Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDcisco/ios146 versions+145

▶NVDcisco/ios_xr3.0.1, 3.1.0+1

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-79vm-c3cm-gq5h: Cisco IOS 12↗2022-05-01

▶

CVEList

CVE-2005-2451: Cisco IOS 12↗2005-08-03

▶

📋Vendor Advisories

Cisco

IPv6 Crafted Packet Vulnerability↗2005-07-29

▶