CVE-2010-4671

Severity Score

7.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534.

La implementación del protocolo Neighbor Discovery (ND) en la pila de IPv6 en Cisco IOS anterior a v15.0(1)XA5 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU y bloqueo de dispositivo) mediante el envío de muchos mensajes Router Advertisement (AR) con distintas direcciones origen, como demostró el programa flood_router6 en el paquete thc-ipv6, también conocido como ID de error CSCti33534

*Credits: N/A

CVSS Scores

NISTv2 7.8

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-01-06 CVE Reserved
2011-01-07 CVE Published
2024-07-18 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-400: Uncontrolled Resource Consumption

CAPEC

References (7)

URL	Tag	Source
http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4	Third Party Advisory
http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf	Broken Link
http://www.securityfocus.com/bid/45760	Third Party Advisory
http://www.youtube.com/watch?v=00yjWB6gGy8	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/64589	Third Party Advisory

URL	Date	SRC
http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html	2024-08-07
http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3	2024-08-07

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Ios Search vendor "Cisco" for product "Ios"				< 15.0\(1\)xa5 Search vendor "Cisco" for product "Ios" and version " < 15.0\(1\)xa5"		-		Affected