CVE-2008-3803 — Improper Input Validation in Cisco IOS

Severity: 5.1 MEDIUM (NVD)
EPSS: 1.5% (top 18.74%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 26
Latest update: May 2

Description

A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.

CVSS vector

AV:N/AC:H/C:P/I:P/A:P
Exploitability: 4.9 | Impact: 6.4

Affected Packages (1 package)

NVD: cisco/ios 12.0s, 12.0sx, 12.0sz, +2

Vulnerability Details (2)

GHSA: GHSA-2wcv-w38q-52h8: A "logic error" in Cisco IOS 12 (2022-05-02)
CVEList: CVE-2008-3803: A "logic error" in Cisco IOS 12 (2008-09-26)

Vendor Advisories (1)

Cisco: Cisco IOS MPLS VPN May Leak Information (2008-09-24)