CVE-2007-0917

The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e0a5b.shtml
http://www.securitytracker.com/id?1017631
http://www.cisco.com/en/US/products/products_security_response09186a00807e0a5e.html
http://www.securityfocus.com/bid/22549
http://secunia.com/advisories/24142
http://osvdb.org/33052
http://www.vupen.com/english/advisories/2007/0597
https://exchange.xforce.ibmcloud.com/vulnerabilities/32473
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5858

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ios:12.3xw:::::::*
	cpe:2.3:o:cisco:ios:12.3xx:::::::*
	cpe:2.3:o:cisco:ios:12.3yj:::::::*
	cpe:2.3:o:cisco:ios:12.3yk:::::::*
	cpe:2.3:o:cisco:ios:12.4mr:::::::*
	cpe:2.3:o:cisco:ios:12.4t:::::::*
	cpe:2.3:o:cisco:ios:12.3xy:::::::*
	cpe:2.3:o:cisco:ios:12.3ya:::::::*
	cpe:2.3:o:cisco:ios:12.3ym:::::::*
	cpe:2.3:o:cisco:ios:12.3yq:::::::*
	cpe:2.3:o:cisco:ios:12.4xa:::::::*
	cpe:2.3:o:cisco:ios:12.3xr:::::::*
	cpe:2.3:o:cisco:ios:12.3xs:::::::*
	cpe:2.3:o:cisco:ios:12.3t:::::::*
	cpe:2.3:o:cisco:ios:12.3yd:::::::*
	cpe:2.3:o:cisco:ios:12.3yt:::::::*
	cpe:2.3:o:cisco:ios:12.3yz:::::::*
	cpe:2.3:o:cisco:ios:12.3yg:::::::*
	cpe:2.3:o:cisco:ios:12.4:::::::*
	cpe:2.3:o:cisco:ios:12.3yx:::::::*
	cpe:2.3:o:cisco:ios:12.3xq:::::::*
	cpe:2.3:o:cisco:ios:12.3ys:::::::*
	cpe:2.3:o:cisco:ios:12.3yh:::::::*
	cpe:2.3:o:cisco:ios:12.4xb:::::::*
	cpe:2.3:o:cisco:ios:12.3yi:::::::*

Information

Published : 2007-02-13 18:28

Updated : 2017-10-10 18:31

NVD link : CVE-2007-0917

Mitre link : CVE-2007-0917

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

cisco

ios

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e0a5b.shtml", "name": "20070213 Multiple IOS IPS Vulnerabilities", "tags": [], "refsource": "CISCO"}, {"url": "http://www.securitytracker.com/id?1017631", "name": "1017631", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.cisco.com/en/US/products/products_security_response09186a00807e0a5e.html", "name": "http://www.cisco.com/en/US/products/products_security_response09186a00807e0a5e.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/22549", "name": "22549", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/24142", "name": "24142", "tags": [], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/33052", "name": "33052", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/0597", "name": "ADV-2007-0597", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32473", "name": "cisco-ios-ips-security-bypass(32473)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5858", "name": "oval:org.mitre.oval:def:5858", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-0917", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-02-14T02:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3xw:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3xx:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3yj:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3yk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.4mr:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.4t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3xy:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3ya:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3ym:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3yq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.4xa:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3xr:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3xs:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3yd:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3yt:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3yz:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3yg:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3yx:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3xq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3ys:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3yh:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.4xb:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3yi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:31Z"}