CVE-2006-0340 — Improper Input Validation in Cisco IOS

CWE-20 — Improper Input Validation CWE-3996 documents5 sources

Severity

7.1HIGHNVD

EPSS

1.6%

top 18.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedJan 21

Latest updateMay 1

Description

Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/ios108 versions+107

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-7fvm-59m5-23qm: Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12↗2022-05-01

▶

CVEList

CVE-2006-0340: Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12↗2006-01-21

▶

📋Vendor Advisories

Cisco

IOS Stack Group Bidding Protocol Crafted Packet DoS↗2006-01-18

▶

💬Community

Bugzilla

CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)↗2007-04-30

▶

Bugzilla

CVE-2006-7196 tomcat XSS in example webapps↗2007-04-27

▶