CVE-2007-5651

Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on Cisco switches allows remote attackers to cause a denial of service (device reload) via a crafted EAP Response Identity packet.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_response09186a00808de8bb.html
http://www.securityfocus.com/bid/26139
http://www.securitytracker.com/id?1018842
http://secunia.com/advisories/27329
http://www.vupen.com/english/advisories/2007/3566
https://exchange.xforce.ibmcloud.com/vulnerabilities/37300
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5288

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:catos:7.2:::::::*
	cpe:2.3:o:cisco:catos:7.3:::::::*
	cpe:2.3:o:cisco:catos:8.4:::::::*
	cpe:2.3:o:cisco:catos:8.5:::::::*
	cpe:2.3:o:cisco:ios:12.1:::::::*
	cpe:2.3:o:cisco:catos:6.2:::::::*
	cpe:2.3:o:cisco:catos:6.3:::::::*
	cpe:2.3:o:cisco:catos:7.6:::::::*
	cpe:2.3:o:cisco:catos:8.1:::::::*
	cpe:2.3:o:cisco:ios:12.3jea:::::::*
	cpe:2.3:o:cisco:ios:12.3jeb:::::::*
	cpe:2.3:o:cisco:catos:7.4:::::::*
	cpe:2.3:o:cisco:ios:12.3jec:::::::*
	cpe:2.3:o:cisco:catos:6.4:::::::*
	cpe:2.3:o:cisco:catos:7.1:::::::*
	cpe:2.3:o:cisco:catos:7.5:::::::*
	cpe:2.3:o:cisco:catos:8.2:::::::*
	cpe:2.3:o:cisco:catos:6.1:::::::*
	cpe:2.3:o:cisco:ios:12.3ja:::::::*
	cpe:2.3:o:cisco:ios:12.4ja:::::::*
	cpe:2.3:o:cisco:ios:12.2:::::::*
	cpe:2.3:o:cisco:catos:8.3:::::::*

Information

Published : 2007-10-23 14:47

Updated : 2017-09-28 18:29

NVD link : CVE-2007-5651

Mitre link : CVE-2007-5651

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

cisco

ios
catos

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_response09186a00808de8bb.html", "name": "20071019 Extensible Authentication Protocol Vulnerability", "tags": [], "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/26139", "name": "26139", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1018842", "name": "1018842", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/27329", "name": "27329", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/3566", "name": "ADV-2007-3566", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37300", "name": "cisco-eap-dos(37300)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5288", "name": "oval:org.mitre.oval:def:5288", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on Cisco switches allows remote attackers to cause a denial of service (device reload) via a crafted EAP Response Identity packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-5651", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-10-23T21:47Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:catos:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:catos:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:catos:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:catos:8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:catos:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:catos:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:catos:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:catos:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3jea:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3jeb:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:catos:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3jec:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:catos:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:catos:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:catos:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:catos:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:catos:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3ja:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.4ja:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:catos:8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-09-29T01:29Z"}

7.1 /10