Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4286Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
9.3CRITICALNVD
EPSS
63.4%
top 1.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco IOS
Timeline
PublishedAug 9
Latest updateMay 1

Description

Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDcisco/ios5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-4xx2-mrcw-w2xx: Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 122022-05-01
CVEList
CVE-2007-4286: Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 122007-08-09

💥Exploits & PoCs

1
Exploit-DB
Cisco IOS Next Hop Resolution Protocol (NHRP) - Denial of Service2007-08-09

📋Vendor Advisories

1
Cisco
Cisco IOS Next Hop Resolution Protocol Vulnerability2007-08-08
CVE-2007-4286 — Cisco IOS vulnerability | cvebase