CVE-2007-4285
published 2007-08-09CVE-2007-4285: Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to…
critical9CVSS 3.1
AVNACLAuNCPIPAC
Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios_and_cisco_ios-xr | — | — |
Cisco
Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS-XR
vendor_cisco·2007-08-08·CVSS 8.0
CVE-2007-4285 [HIGH] CWE-200 Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS-XR
Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS-XR
Cisco IOS and Cisco IOS XR contain a vulnerability when processing
specially crafted IPv6 packets with a Type 0 Routing Header present.
Exploitation of this vulnerability can lead to information leakage on affected
IOS and IOS XR devices, and may also result in a crash of the affected IOS
device. Successful exploitation on an affected device running Cisco IOS XR will
not result in a crash of the device itself, but may result in a crash of the
IPv6 subsystem.
Cisco has made free software available to address this vulnerability
for affected customers. There are workarounds available to mitigate the effects
of the vulnerability.
This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/content/Cis
Cisco
Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS-XR
vendor_cisco
CVE-2007-4285 Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS-XR
CVE-2007-4285: Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS-XR
Cisco IOS and Cisco IOS XR contain a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability can lead to information leakage on affected IOS and IOS XR devices, and may also result in a crash of the affected IOS device. Successful exploitation on an affected device running Cisco IOS XR will not result in a crash of the device itself, but may result in a crash of the IPv6 subsystem. Cisco has made free software available to address this vulnerability for affected customers. There are
CWE: CWE-200, CWE-200
Bug IDs: CSCef77013, CSCef77013, CSCsi74127, CSCef77013, CSCef77013
GHSA
GHSA-x2rv-3vgv-5r78: Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12
ghsa_unreviewed·2022-05-01
CVE-2007-4285 [HIGH] GHSA-x2rv-3vgv-5r78: Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12
Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/26359http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtmlhttp://www.securitytracker.com/id?1018542http://www.vupen.com/english/advisories/2007/2819https://exchange.xforce.ibmcloud.com/vulnerabilities/35906https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5840http://secunia.com/advisories/26359http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtmlhttp://www.securitytracker.com/id?1018542http://www.vupen.com/english/advisories/2007/2819https://exchange.xforce.ibmcloud.com/vulnerabilities/35906https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5840
2007-08-09
Published