Details of VAR-200109-0061

ID

VAR-200109-0061

CVE

CVE-2001-0650

TITLE

Cisco IOS vulnerable to DoS via unrecognized transitive attribute in BGP UPDATE

Trust: 0.8

sources: CERT/CC: VU#106392

DESCRIPTION

Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute. There is a denial-of-service vulnerability in several specific but common configurations of Cisco IOS. IOS is the firmware designed for Cisco routers. IOS is a router specific firmware designed to allow networkers the ability to configure and control Cisco routers. A problem in IOS can allow remote users to crash Cisco routers. This problem makes it possible for a remote user to crash Cisco routers using BGP, and deny service to legitimate users

Trust: 2.7

sources: NVD: CVE-2001-0650 // CERT/CC: VU#106392 // JVNDB: JVNDB-2001-000065 // BID: 2733 // VULHUB: VHN-3460

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.0	Trust: 2.7
vendor:	cisco	model:	ios	scope:	eq	version:	11.3	Trust: 2.7
vendor:	cisco	model:	ios	scope:	eq	version:	11.2	Trust: 2.7
vendor:	cisco	model:	ios	scope:	lte	version:	12.0	Trust: 1.0
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios 12.0 s	scope:	ne	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.0 w5	scope:	ne	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.0xj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xe	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0w5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0dc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0db	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0da	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 11.3wa4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 11.3t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 11.3na	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 11.3ha	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 11.3db	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 11.3da	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 11.3aa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 11.2p	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 11.2gs	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 11.2f	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 11.2bc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 11.2 xaf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 11.2 xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	12.1(8)	Trust: 0.3
vendor:	cisco	model:	ios 12.1 dc	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1 da1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1 db1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	12.1	Trust: 0.3
vendor:	cisco	model:	ios 12.0xw	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	12.0xv	Trust: 0.3
vendor:	cisco	model:	ios 12.0xu	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xs	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xr	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xq	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xp	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xn	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xm	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xl	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xk	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0 t	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	12.0(17)	Trust: 0.3
vendor:	cisco	model:	ios 12.0 s3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	11.1	Trust: 0.3

sources: CERT/CC: VU#106392 // BID: 2733 // JVNDB: JVNDB-2001-000065 // CNNVD: CNNVD-200109-086 // NVD: CVE-2001-0650

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0650
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#106392
value:	21.55
Trust: 0.8
NVD:	CVE-2001-0650
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200109-086
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-3460
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-0650
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-3460
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#106392 // VULHUB: VHN-3460 // JVNDB: JVNDB-2001-000065 // CNNVD: CNNVD-200109-086 // NVD: CVE-2001-0650

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0650

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200109-086

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200109-086

CONFIGURATIONS

sources: JVNDB: JVNDB-2001-000065

PATCH

title:

Top Page

url:

http://www.cisco.com/jp/index.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2001-000065

EXTERNAL IDS

db:	BID	id:	2733	Trust: 3.6
db:	CERT/CC	id:	VU#106392	Trust: 2.5
db:	NVD	id:	CVE-2001-0650	Trust: 2.5
db:	OSVDB	id:	1830	Trust: 1.7
db:	JVNDB	id:	JVNDB-2001-000065	Trust: 0.8
db:	CNNVD	id:	CNNVD-200109-086	Trust: 0.7
db:	CISCO	id:	20010510 CISCO IOS BGP ATTRIBUTE CORRUPTION VULNERABILITY	Trust: 0.6
db:	CIAC	id:	L-082	Trust: 0.6
db:	XF	id:	6566	Trust: 0.6
db:	VULHUB	id:	VHN-3460	Trust: 0.1

sources: CERT/CC: VU#106392 // VULHUB: VHN-3460 // BID: 2733 // JVNDB: JVNDB-2001-000065 // CNNVD: CNNVD-200109-086 // NVD: CVE-2001-0650

REFERENCES

url:	http://www.securityfocus.com/bid/2733	Trust: 3.3
url:	http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml	Trust: 2.8
url:	http://www.kb.cert.org/vuls/id/106392	Trust: 1.7
url:	http://ciac.llnl.gov/ciac/bulletins/l-082.shtml	Trust: 1.7
url:	http://www.osvdb.org/1830	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6566	Trust: 1.1
url:	http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt2/1cdbgp.htm#xtocid124918	Trust: 0.8
url:	http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt2/1cdbgp.htm#xtocid124934	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0650	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0650	Trust: 0.8
url:	http://xforce.iss.net/static/6566.php	Trust: 0.6

sources: CERT/CC: VU#106392 // VULHUB: VHN-3460 // BID: 2733 // JVNDB: JVNDB-2001-000065 // CNNVD: CNNVD-200109-086 // NVD: CVE-2001-0650

CREDITS

This vulnerability was announced iva Bugtraq in a Cisco Security Advisory on May 10, 2001.

Trust: 0.9

sources: BID: 2733 // CNNVD: CNNVD-200109-086

SOURCES

db:	CERT/CC	id:	VU#106392
db:	VULHUB	id:	VHN-3460
db:	BID	id:	2733
db:	JVNDB	id:	JVNDB-2001-000065
db:	CNNVD	id:	CNNVD-200109-086
db:	NVD	id:	CVE-2001-0650

LAST UPDATE DATE

2025-04-03T22:14:15.425000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#106392	date:	2003-04-09T00:00:00
db:	VULHUB	id:	VHN-3460	date:	2017-10-10T00:00:00
db:	BID	id:	2733	date:	2001-05-10T00:00:00
db:	JVNDB	id:	JVNDB-2001-000065	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200109-086	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2001-0650	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#106392	date:	2001-05-10T00:00:00
db:	VULHUB	id:	VHN-3460	date:	2001-09-20T00:00:00
db:	BID	id:	2733	date:	2001-05-10T00:00:00
db:	JVNDB	id:	JVNDB-2001-000065	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200109-086	date:	2001-09-20T00:00:00
db:	NVD	id:	CVE-2001-0650	date:	2001-09-20T04:00:00