CVE-2007-2688 — Cisco IOS vulnerability

3 documents3 sources

Severity

7.8HIGHNVD

EPSS

4.4%

top 10.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS Cisco IPS Sensor Software

Timeline

PublishedMay 16

Latest updateMay 1

Description

The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDcisco/ios12 versions+11

▶NVDcisco/ips_sensor_software11 versions+10

🔴Vulnerability Details

GHSA

GHSA-v42f-h49w-98mp: The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode cha↗2022-05-01

▶

CVEList

CVE-2007-2688: The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode cha↗2007-05-16

▶