CVE-2008-2476

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc", "name": "FreeBSD-SA-08:10", "tags": ["Vendor Advisory"], "refsource": "FREEBSD"}, {"url": "http://secunia.com/advisories/32117", "name": "32117", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.openbsd.org/errata42.html#015_ndp", "name": "[4.2] 015: SECURITY FIX: October 2, 2008", "tags": [], "refsource": "OPENBSD"}, {"url": "http://www.openbsd.org/errata43.html#006_ndp", "name": "[4.3] 006: SECURITY FIX: October 2, 2008", "tags": [], "refsource": "OPENBSD"}, {"url": "http://www.kb.cert.org/vuls/id/472363", "name": "VU#472363", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://secunia.com/advisories/32112", "name": "32112", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68", "name": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68", "tags": ["US Government Resource"], "refsource": "CONFIRM"}, {"url": "http://securitytracker.com/id?1020968", "name": "1020968", "tags": [], "refsource": "SECTRACK"}, {"url": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view", "name": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view", "tags": [], "refsource": "MISC"}, {"url": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7", "name": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7", "tags": ["US Government Resource"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/31529", "name": "31529", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/32116", "name": "32116", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32406", "name": "32406", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1021109", "name": "1021109", "tags": [], "refsource": "SECTRACK"}, {"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc", "name": "NetBSD-SA2008-013", "tags": [], "refsource": "NETBSD"}, {"url": "http://www.securitytracker.com/id?1021132", "name": "1021132", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2009/0633", "name": "ADV-2009-0633", "tags": [], "refsource": "VUPEN"}, {"url": "http://support.apple.com/kb/HT3467", "name": "http://support.apple.com/kb/HT3467", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2008/2752", "name": "ADV-2008-2752", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2008/2750", "name": "ADV-2008-2750", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2008/2751", "name": "ADV-2008-2751", "tags": [], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/32133", "name": "32133", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45601", "name": "multiple-vendors-ndp-dos(45601)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670", "name": "oval:org.mitre.oval:def:5670", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-2476", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-10-03T15:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:force10:ftos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:jnos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.4"}, {"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-09-29T01:31Z"}