CVE-2006-4650

critical

Description

Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC 2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation. This leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5713

https://exchange.xforce.ibmcloud.com/vulnerabilities/28786

http://www.vupen.com/english/advisories/2006/3502

http://www.securityfocus.com/bid/19878

http://www.securityfocus.com/archive/1/445322/100/0/threaded

http://www.phenoelit.de/stuff/CiscoGRE.txt

http://www.osvdb.org/28590

http://www.cisco.com/en/US/tech/tk827/tk369/tsd_technology_security_response09186a008072cd7b.html

http://securitytracker.com/id?1016799

http://securityreason.com/securityalert/1526

http://secunia.com/advisories/21783

Details

Source: Mitre, NVD

Published: 2006-09-09

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: Critical