CVE-2008-3806 — Vulnetix

CVE-2008-3806 PUBLISHED CVSS 8.5 HIGH

Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3805.

EPSS 1.26% · 79.7th percentile

Risk Scores

CVSS 2.0

8.5

EPSS Score

1.26%

79.7th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
cisco	ios	12.0s, 12.0st, 12.2sb

Exploit Intelligence

31990 (circl)
ios-udp-ipc-dos-variant2(45592) (circl)
20080924 Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability (circl)
oval:org.mitre.oval:def:7123 (circl)
http://tools.cisco.com/security/center/viewAlert.x?alertId=16646 (circl)

Timeline

Sep 25, 2008 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 17, 2023 EPSS Score

References

31990 third-party-advisory
ios-udp-ipc-dos-variant2(45592) vdb
20080924 Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability vendor-advisory
oval:org.mitre.oval:def:7123 vdb
http://tools.cisco.com/security/center/viewAlert.x?alertId=16646 url
https://nvd.nist.gov/vuln/detail/CVE-2008-3806 advisory

Open in Interactive Console →