CVE-2009-0418Improper Input Validation in HP Hp-ux

CWE-20Improper Input Validation3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
2.0%
top 16.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
HP Hp-ux
Timeline
PublishedFeb 4
Latest updateMay 2

Description

The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDhp/hp-uxb.11.11, b.11.23, b.11.31+2

🔴Vulnerability Details

2
GHSA
GHSA-6rg3-f36h-w236: The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B2022-05-02
CVEList
CVE-2009-0418: The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B2009-02-04
CVE-2009-0418 — Improper Input Validation in HP Hp-ux | cvebase