CVE-2008-2476
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
6.2 Medium
AI Score
Confidence
High
0.027 Low
EPSS
Percentile
90.6%
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
Affected configurations
References
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc
secunia.com/advisories/32112
secunia.com/advisories/32116
secunia.com/advisories/32117
secunia.com/advisories/32133
secunia.com/advisories/32406
security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc
securitytracker.com/id?1020968
support.apple.com/kb/HT3467
www.kb.cert.org/vuls/id/472363
www.kb.cert.org/vuls/id/MAPG-7H2RY7
www.kb.cert.org/vuls/id/MAPG-7H2S68
www.openbsd.org/errata42.html#015_ndp
www.openbsd.org/errata43.html#006_ndp
www.securityfocus.com/bid/31529
www.securitytracker.com/id?1021109
www.securitytracker.com/id?1021132
www.vupen.com/english/advisories/2008/2750
www.vupen.com/english/advisories/2008/2751
www.vupen.com/english/advisories/2008/2752
www.vupen.com/english/advisories/2009/0633
exchange.xforce.ibmcloud.com/vulnerabilities/45601
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670
www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
6.2 Medium
AI Score
Confidence
High
0.027 Low
EPSS
Percentile
90.6%