CVE-2008-2476

EPSS 14.85%
Published 03.10.2008 15:07:10
Last modified 09.04.2025 00:30:58
Source cret@cert.org
Teams watchlist Login
Open Login

The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).

Affected products Warnungen 0 Metrics 2 CWE 1 References 27

Data is provided by the National Vulnerability Database (NVD)

Force10 ≫ Ftos

Freebsd ≫ Freebsd Version6.3

Freebsd ≫ Freebsd Version7.1

Juniper ≫ Jnos

Netbsd ≫ Netbsd

Openbsd ≫ Openbsd Version4.2

Openbsd ≫ Openbsd Version4.3

Windriver ≫ Vxworks Version <= 6.4

Windriver ≫ Vxworks Version5

Windriver ≫ Vxworks Version5.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	14.85%	0.942

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://support.apple.com/kb/HT3467

http://www.vupen.com/english/advisories/2009/0633

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc

http://secunia.com/advisories/32112

Vendor Advisory

http://secunia.com/advisories/32116

http://secunia.com/advisories/32117

Vendor Advisory

http://secunia.com/advisories/32133

http://secunia.com/advisories/32406

http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc

Vendor Advisory