Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4430: Improper Input Validation in Cisco Cbos

Severity: 5.0 MEDIUM (NVD)
EPSS: 27.0% (top 3.63%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Aug 20; latest update May 1

Description

Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

NVD: cisco/ios, 10 versions (+9)
NVD: cisco/cbos, 12.1, 12.2 (+1)
NVD: cisco/ios_xr, 6 versions (+5)

🔴 Vulnerability Details (2)

GHSA: GHSA-xw39-hmhj-f95j: Unspecified vulnerability in Cisco IOS 12 (2022-05-01)
CVEList: CVE-2007-4430: Unspecified vulnerability in Cisco IOS 12 (2007-08-20)

💥 Exploits & PoCs (1)

Exploit-DB: Cisco IOS 12.3 - Show IP BGP Regexp Remote Denial of Service (2007-08-17)