A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.
References
Link | Resource |
---|---|
http://secunia.com/advisories/31990 | Third Party Advisory |
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014a9.shtml | Vendor Advisory |
http://www.securityfocus.com/bid/31366 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id?1020940 | Broken Link Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2008/2670 | Permissions Required |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5919 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
02 Jun 2022, 17:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:cisco:ios:12.0s:*:*:*:*:*:*:* cpe:2.3:h:cisco:ios:12.0sx:*:*:*:*:*:*:* |
cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:* cpe:2.3:o:cisco:ios:12.0sx:*:*:*:*:*:*:* cpe:2.3:o:cisco:ios:12.0sz:*:*:*:*:*:*:* |
CWE | NVD-CWE-noinfo | |
References | (BID) http://www.securityfocus.com/bid/31366 - Third Party Advisory, VDB Entry | |
References | (SECTRACK) http://www.securitytracker.com/id?1020940 - Broken Link, Third Party Advisory, VDB Entry | |
References | (CISCO) http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014a9.shtml - Vendor Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5919 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/31990 - Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/2670 - Permissions Required |
Information
Published : 2008-09-26 16:21
Updated : 2023-12-10 10:51
NVD link : CVE-2008-3803
Mitre link : CVE-2008-3803
CVE.ORG link : CVE-2008-3803
JSON object : View
Products Affected
cisco
- ios
CWE