VDB
CVE-2006-2224
CVE-2006-2224
PUBLISHED
CVSS 5 MEDIUM
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
EPSS 20.17% · 95.6th percentile
Risk Scores
CVSS v2.0
5
EPSS Score
20.17%
95.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| quagga | quagga_routing_software_suite | 0, 0.95, 0.96.2 |
Timeline
- May 3, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 9, 2023 EPSS Score
- Apr 16, 2023 EPSS Score
- Nov 15, 2023 EPSS Score
- Jan 9, 2024 EPSS Score
- Mar 25, 2024 EPSS Score
- Aug 24, 2024 EPSS Score
- Dec 17, 2024 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
References
- SUSE-SR:2006:017 vendor-advisory
- USN-284-1 vendor-advisory
- quagga-ripd-ripv1-response-security-bypass(26251) vdb
- 20782 third-party-advisory
- oval:org.mitre.oval:def:10775 vdb
- 20138 third-party-advisory
- 20060503 Re: Quagga RIPD unauthenticated route injection mailing-list
- 20421 third-party-advisory
- 20060602-01-U vendor-advisory
- RHSA-2006:0525 vendor-advisory
- 25225 vdb
- 20137 third-party-advisory
- 1016204 vdb
- 19910 third-party-advisory
- 17808 vdb
- RHSA-2006:0533 vendor-advisory
- GLSA-200605-15 vendor-advisory
- 21159 third-party-advisory
- 20060503 Quagga RIPD unauthenticated route injection mailing-list
- http://bugzilla.quagga.net/show_bug.cgi?id=262 url
…and 5 more