CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:P/I:P/A:C
EPSS
Percentile
89.1%
Cisco IOS and Cisco IOS XR contain a vulnerability when processing
specially crafted IPv6 packets with a Type 0 Routing Header present.
Exploitation of this vulnerability can lead to information leakage on affected
IOS and IOS XR devices, and may also result in a crash of the affected IOS
device. Successful exploitation on an affected device running Cisco IOS XR will
not result in a crash of the device itself, but may result in a crash of the
IPv6 subsystem.
Cisco has made free software available to address this vulnerability
for affected customers. There are workarounds available to mitigate the effects
of the vulnerability.
This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-IOS-IPv6-leak["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-IOS-IPv6-leak"].
Note: The August 08, 2007 publication includes four Security Advisories and
one Security Response. The advisories all affect IOS, one additionally affects
Cisco Unified Communications Manager as well. Each advisory lists the releases
that correct the vulnerability described in the advisory, and the advisories
also detail the releases that correct the vulnerabilities in all four
advisories. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-IOS-IPv6-leak["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-IOS-IPv6-leak"]
Cisco IOS Next Hop Resolution Protocol Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-nhrp["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-nhrp"]
Cisco IOS Secure Copy Authorization Bypass Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-scp["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-scp"]
Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications
Manager
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-IOS-voice["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-IOS-voice"]
Cisco Unified MeetingPlace XSS Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20070808-mp["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20070808-mp"]
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | ios | 12.0s | cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:* |
cisco | ios | 12.0st | cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:* |
cisco | ios | 12.2b | cpe:2.3:o:cisco:ios:12.2b:*:*:*:*:*:*:* |
cisco | ios | 12.2s | cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:* |
cisco | ios | 12.2ya | cpe:2.3:o:cisco:ios:12.2ya:*:*:*:*:*:*:* |
cisco | ios | 12.2yd | cpe:2.3:o:cisco:ios:12.2yd:*:*:*:*:*:*:* |
cisco | ios | 12.2yh | cpe:2.3:o:cisco:ios:12.2yh:*:*:*:*:*:*:* |
cisco | ios | 12.2bc | cpe:2.3:o:cisco:ios:12.2bc:*:*:*:*:*:*:* |
cisco | ios | 12.2dd | cpe:2.3:o:cisco:ios:12.2dd:*:*:*:*:*:*:* |
cisco | ios | 12.0sx | cpe:2.3:o:cisco:ios:12.0sx:*:*:*:*:*:*:* |