CVE-2010-4671
ICMPv6 Router Announcement Flooding Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534.
La implementación del protocolo Neighbor Discovery (ND) en la pila de IPv6 en Cisco IOS anterior a v15.0(1)XA5 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU y bloqueo de dispositivo) mediante el envío de muchos mensajes Router Advertisement (AR) con distintas direcciones origen, como demostró el programa flood_router6 en el paquete thc-ipv6, también conocido como ID de error CSCti33534
An ICMPv6 router announcement flooding denial of service vulnerability affects multiple systems including Cisco, Juniper, Microsoft, and FreeBSD. Cisco has addressed the issue but Microsoft has decided to ignore it.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-01-06 CVE Reserved
- 2011-01-07 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4 | Third Party Advisory | |
| http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf | Broken Link | |
| http://www.securityfocus.com/bid/45760 | Third Party Advisory | |
| http://www.youtube.com/watch?v=00yjWB6gGy8 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64589 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html | 2024-08-07 | |
| http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | < 15.0\(1\)xa5 Search vendor "Cisco" for product "Ios" and version " < 15.0\(1\)xa5" | - |
Affected
| ||||||