Описание
A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.
Ссылки
- Third Party Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Permissions Required
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Permissions Required
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.0sx:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.0sz:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01514
Низкий
5.1 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
github
почти 4 года назад
A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.
EPSS
Процентиль: 81%
0.01514
Низкий
5.1 Medium
CVSS2
Дефекты
NVD-CWE-noinfo