CVE-2007-0918

high

Description

The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/32474

http://www.vupen.com/english/advisories/2007/0597

http://www.securityfocus.com/bid/22549

http://www.cisco.com/en/US/products/products_security_response09186a00807e0a5e.html

http://www.cisco.com/en/US/products/products_security_advisory09186a00807e0a5b.shtml

http://secunia.com/advisories/24142

Details

Source: Mitre, NVD

Published: 2007-02-14

Updated: 2022-06-02

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High