CVE-2007-4285
HIGH severity · CVSS 9
9CVSS HIGH
Summary
Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)3%
AV:N/AC:L/Au:N/C:P/I:P/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml ↗
Additional information
- NVD record
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtmlPatch
- http://secunia.com/advisories/26359Advisory
- http://www.vupen.com/english/advisories/2007/2819Advisory
- http://www.securitytracker.com/id?1018542
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35906
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5840