Vulnerability Name:

CVE-2007-4430 (CCN-36399)

Assigned:2007-08-17
Published:2007-08-17
Updated:2011-05-18
Summary:Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command.
Note: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2007-4430

Source: MISC
Type: UNKNOWN
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddf7bc9

Source: CCN
Type: SA26798
Cisco IOS Regular Expressions Denial of Service

Source: SECUNIA
Type: Vendor Advisory
26798

Source: CCN
Type: SECTRACK ID: 1018685
Cisco IOS Stack Overflow in Processing IP BGP Regex Commands Lets Remote Authenticated Users Deny Service

Source: CISCO
Type: UNKNOWN
20070912 Cisco IOS Reload on Regular Expression Processing

Source: CCN
Type: Cisco IOS Web site
Cisco IOS Software - Products & Services - Cisco Systems

Source: CCN
Type: cisco-sr-20070912-regexp.shtml
Cisco Security Response: Reload on Processing a Command Including a Regular Expression

Source: CCN
Type: heise Security News, 17.08.2007 18:03
DoS vulnerability in Cisco IOS compromises Internet routers

Source: MISC
Type: UNKNOWN
http://www.heise-security.co.uk/news/94526/

Source: CCN
Type: OSVDB ID: 37104
Cisco IOS Regular Expressions (Regexp) Processing DoS

Source: BID
Type: UNKNOWN
25352

Source: CCN
Type: BID-25352
Cisco IOS Show IP BGP Regexp Remote Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018685

Source: VUPEN
Type: Vendor Advisory
ADV-2007-3136

Source: XF
Type: UNKNOWN
cisco-ios-regexp-dos(36399)

Source: MLIST
Type: UNKNOWN
[cisco-nsp] 20070817 Heads up: "sh ip bgp regexp" crashing router

Source: MLIST
Type: UNKNOWN
[cisco-nsp] 20070817 About the posting entitled "Heads up: "sh ip bgp regexp" crashing router"

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:cli:*:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:cbos:*:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:cbos:12.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:cbos:12.2:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ids:*:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:11.0:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:11.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:11.2:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.0:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.3:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.4:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:*:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:3.2:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:3.3:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:3.4:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:cisco:ios:12.0:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ids:-:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:11.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:11.2:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:*:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.3:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.4:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:11.0:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:3.2:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:3.3:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:cli:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco cli *
    cisco cbos *
    cisco cbos 12.1
    cisco cbos 12.2
    cisco ids *
    cisco ios 10.0
    cisco ios 10.3
    cisco ios 11.0
    cisco ios 11.1
    cisco ios 11.2
    cisco ios 12.0
    cisco ios 12.1
    cisco ios 12.2
    cisco ios 12.3
    cisco ios 12.4
    cisco ios xr *
    cisco ios xr 2.0
    cisco ios xr 3.0
    cisco ios xr 3.1
    cisco ios xr 3.2
    cisco ios xr 3.3
    cisco ios xr 3.4
    cisco ios 12.0
    cisco ios 12.1
    cisco ios 12.2
    cisco ids -
    cisco ios 11.1
    cisco ios 11.2
    cisco ios xr *
    cisco ios 12.3
    cisco ios 12.4
    cisco ios 10.0
    cisco ios 10.3
    cisco ios 11.0
    cisco ios xr 2.0
    cisco ios xr 3.0
    cisco ios xr 3.1
    cisco ios xr 3.2
    cisco ios xr 3.3
    cisco ios xr 3.4
    cisco cli *