// For flags

CVE-2006-2223

Quagga Routing Software Suite 0.9x - RIPd RIPv1 Request Routing Table Disclosure

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.

RIPd en Quagga 0.98 y 0.99 anteriores a 20060503 no implementa adecuadamente configuraciones que (1) deshabiliten RIPv1 o (2) necesiten autenticación MD5 o en texto plano, lo que permite a atacantes remotos obtener información sensible (estado de encaminamiento) mediante paquetes "REQUEST" como "SEND UPDATE".º

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-05-03 First Exploit
  • 2006-05-05 CVE Reserved
  • 2006-05-05 CVE Published
  • 2024-03-25 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (26)
URL Date SRC
http://secunia.com/advisories/19910 2018-10-18
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Quagga
Search vendor "Quagga"
Quagga
Search vendor "Quagga" for product "Quagga"
0.98.5
Search vendor "Quagga" for product "Quagga" and version "0.98.5"
-
Affected
Quagga
Search vendor "Quagga"
Quagga
Search vendor "Quagga" for product "Quagga"
0.99.3
Search vendor "Quagga" for product "Quagga" and version "0.99.3"
-
Affected