2.6

CVE-2006-4650

EPSS 0.64%
Veröffentlicht 09.09.2006 00:04:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Ios Version12.0

Cisco ≫ Ios Version12.1

Cisco ≫ Ios Version12.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.697

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

http://secunia.com/advisories/21783

http://securityreason.com/securityalert/1526

http://securitytracker.com/id?1016799

http://www.cisco.com/en/US/tech/tk827/tk369/tsd_technology_security_response09186a008072cd7b.html

http://www.osvdb.org/28590

http://www.phenoelit.de/stuff/CiscoGRE.txt

Vendor Advisory

http://www.securityfocus.com/archive/1/445322/100/0/threaded

http://www.securityfocus.com/bid/19878

http://www.vupen.com/english/advisories/2006/3502

https://exchange.xforce.ibmcloud.com/vulnerabilities/28786

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5713

https://nvd.nist.gov/vuln/detail/CVE-2006-4650

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-4650

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-4650

EUVD