ID CVE-2005-4436
Summary Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV).
References
Vulnerable Configurations
  • cpe:2.3:a:extended_interior_gateway_routing_protocol:extended_interior_gateway_routing_protocol:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:extended_interior_gateway_routing_protocol:extended_interior_gateway_routing_protocol:1.2:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 19-10-2018 - 15:40)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
oval via4
accepted 2008-09-08T04:00:24.411-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV).
family ios
id oval:org.mitre.oval:def:5454
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco "EIGRP" Protocol "Goodbye Message" Packet Replay Vulnerability
version 3
refmap via4
bid 15978
bugtraq 20051220 Re: Unauthenticated EIGRP DoS
fulldisc
  • 20051219 Unauthenticated EIGRP DoS
  • 20051220 RE: Authenticated EIGRP DoS / Information leak
sectrack 1015382
vupen ADV-2005-3008
Last major update 19-10-2018 - 15:40
Published 21-12-2005 - 01:03
Last modified 19-10-2018 - 15:40
Back to Top