Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-2224 — Improper Authentication in Routing Software Suite

CWE-287 — Improper Authentication11 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

20.2%

top 4.49%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Quagga Quagga Routing Software Suite

Timeline

PublishedMay 5

Latest updateMay 3

Description

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDquagga/quagga_routing_software_suite0.99.3+4

▶Debianquagga/quagga< 0.99.3-2

Patches

Patch: bugzilla.quagga.net ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mj28-wp87-qqjj: RIPd in Quagga 0↗2022-05-03

▶

CVEList

CVE-2006-2224: RIPd in Quagga 0↗2006-05-05

▶

OSV

CVE-2006-2224: RIPd in Quagga 0↗2006-05-05

▶

💥Exploits & PoCs

Exploit-DB

Quagga Routing Software Suite 0.9x - RIPd RIPv1 RESPONSE Packet Route Injection↗2006-05-03

▶

📋Vendor Advisories

Ubuntu

Quagga vulnerabilities↗2006-05-16

▶

Red Hat

security flaw↗2006-05-03

▶

💬Community

Bugzilla

CVE-2006-2224 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-2224 zebra RIPd route injection↗2006-05-22

▶

Bugzilla

CVE-2006-2224 Quagga RIPd route injection↗2006-05-08

▶

Bugzilla

CVE-2006-2224 Quagga RIPd route injection↗2006-05-08

▶