CVE-2007-4285Sensitive Information Exposure in Cisco IOS

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
9.0CRITICALNVD
EPSS
1.2%
top 21.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedAug 9
Latest updateMay 1

Description

Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header.

CVSS vector

AV:N/AC:L/C:P/I:P/A:CExploitability: 10.0 | Impact: 8.5

Affected Packages1 packages

NVDcisco/ios4 versions+3

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-x2rv-3vgv-5r78: Unspecified vulnerability in Cisco IOS and Cisco IOS XR 122022-05-01
CVEList
CVE-2007-4285: Unspecified vulnerability in Cisco IOS and Cisco IOS XR 122007-08-09

📋Vendor Advisories

1
Cisco
Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS-XR2007-08-08
CVE-2007-4285 — Sensitive Information Exposure in Cisco | cvebase