ID CVE-2008-3803
Summary A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.
References
Vulnerable Configurations
  • cpe:2.3:o:cisco:ios:12.0sz:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios:12.0sz:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:ios:12.0sx:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios:12.0sx:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 02-06-2022 - 17:16)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
oval via4
accepted 2008-12-22T04:00:09.762-05:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.
family ios
id oval:org.mitre.oval:def:5919
status accepted
submitted 2008-09-24T11:06:36.000-04:00
title Cisco IOS MPLS VPN May Leak Information Vulnerability
version 7
refmap via4
bid 31366
cisco 20080924 Cisco IOS MPLS VPN May Leak Information
sectrack 1020940
secunia 31990
vupen ADV-2008-2670
Last major update 02-06-2022 - 17:16
Published 26-09-2008 - 16:21
Last modified 02-06-2022 - 17:16
Back to Top