CVE-2008-1156Sensitive Information Exposure in Cisco IOS

CWE-16CWE-200Sensitive Information ExposureCWE-3994 documents4 sources
Severity
5.1MEDIUMNVD
EPSS
0.8%
top 26.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS
Timeline
PublishedMar 27
Latest updateMay 1

Description

Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

NVDcisco/ios12.0, 12.2+1
NVDcisco/cisco_ios12.3, 12.4+1

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-4c4p-4x55-3pgj: Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 122022-05-01
CVEList
CVE-2008-1156: Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 122008-03-27

📋Vendor Advisories

1
Cisco
Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak2008-03-26
CVE-2008-1156 — Sensitive Information Exposure in Cisco | cvebase