CVE-2008-2476

EPSS 14.85%
Veröffentlicht 03.10.2008 15:07:10
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cret@cert.org
Teams Watchlist Login
Unerledigt Login

The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 27

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Force10 ≫ Ftos

Freebsd ≫ Freebsd Version6.3

Freebsd ≫ Freebsd Version7.1

Juniper ≫ Jnos

Netbsd ≫ Netbsd

Openbsd ≫ Openbsd Version4.2

Openbsd ≫ Openbsd Version4.3

Windriver ≫ Vxworks Version <= 6.4

Windriver ≫ Vxworks Version5

Windriver ≫ Vxworks Version5.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	14.85%	0.942

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://support.apple.com/kb/HT3467

http://www.vupen.com/english/advisories/2009/0633

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc

http://secunia.com/advisories/32112

Vendor Advisory

http://secunia.com/advisories/32116

http://secunia.com/advisories/32117

Vendor Advisory

http://secunia.com/advisories/32133

http://secunia.com/advisories/32406

http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc

Vendor Advisory