CVE-2007-0918 — Improper Input Validation in Cisco IOS

CWE-399 CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.1HIGHNVD

EPSS

2.9%

top 13.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedFeb 14

Latest updateMay 1

Description

The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/ios25 versions+24

🔴Vulnerability Details

GHSA

GHSA-q9c9-whcq-8v29: The ATOMIC↗2022-05-01

▶

CVEList

CVE-2007-0918: The ATOMIC↗2007-02-14

▶

📋Vendor Advisories

Cisco

Multiple IOS IPS Vulnerabilities↗2007-02-13

▶