CVE-2006-4910 — Cisco IDS Sensor Software vulnerability

CWE-3994 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

1.6%

top 18.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IDS Sensor Software Cisco IPS Sensor Software Cisco Intrusion Prevention System

Timeline

PublishedSep 21

Latest updateMay 1

Description

The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDcisco/ids_sensor_software4.1\(5b\)

▶NVDcisco/ips_sensor_software5.0\(6\)p1, 5.1\(1\)+1

▶ciscocisco/intrusion_prevention_system

🔴Vulnerability Details

GHSA

GHSA-32jp-v3x3-64xq: The web administration interface (mainApp) to Cisco IDS before 4↗2022-05-01

▶

📋Vendor Advisories

Cisco

Cisco Intrusion Prevention System Management Interface Denial of Service and Fragmented Packet Evasion Vulnerabilities↗2006-09-20

▶

Cisco

Cisco Intrusion Prevention System Management Interface Denial of Service and Fragmented Packet Evasion Vulnerabilities↗

▶