Sign-up

ID

VAR-200110-0021


CVE

CVE-2001-0741


TITLE

Hot Standby Router Protocol (HSRP) uses weak authentication

Trust: 0.8

sources: CERT/CC: VU#228186

DESCRIPTION

Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets. A denial-of-service vulnerability exists in the Hot Standby Router Protocol (HSRP) . It is designed to offer traffic rerouting services to networks when one router within a pool ceases to operate, and users of the network segment aren't using ICMP Router Discovery Protocol to find the new router handling traffic for their segment. By eavesdropping on HSRP management messages sent over the network, it is possible to create a spoofed message that will reroute all network traffic to a particular system. By doing so, it is possible to prevent traffic from entering or leaving that network. This problem makes it possible for system local to the network to deny service to legitmate users of that network segment

Trust: 1.98

sources: NVD: CVE-2001-0741 // CERT/CC: VU#228186 // BID: 2684 // VULHUB: VHN-3549

AFFECTED PRODUCTS

vendor:ciscomodel:hsrpscope:eqversion:*

Trust: 1.0

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel:hsrpscope: - version: -

Trust: 0.6

vendor:ciscomodel:hsrp rfc2281scope: - version: -

Trust: 0.3

sources: CERT/CC: VU#228186 // BID: 2684 // CNNVD: CNNVD-200110-075 // NVD: CVE-2001-0741

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0741
value: LOW

Trust: 1.0

CARNEGIE MELLON: VU#228186
value: 6.33

Trust: 0.8

CNNVD: CNNVD-200110-075
value: LOW

Trust: 0.6

VULHUB: VHN-3549
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2001-0741
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3549
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#228186 // VULHUB: VHN-3549 // CNNVD: CNNVD-200110-075 // NVD: CVE-2001-0741

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0741

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200110-075

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200110-075

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-3549

EXTERNAL IDS
db:BIDid:2684
Trust: 2.8
db:NVDid:CVE-2001-0741
Trust: 2.0
db:CERT/CCid:VU#228186
Trust: 0.8
db:CNNVDid:CNNVD-200110-075
Trust: 0.7
db:XFid:6497
Trust: 0.6
db:BUGTRAQid:20010503 CISCO HSRP WEAKNESS/DOS
Trust: 0.6
db:EXPLOIT-DBid:20821
Trust: 0.1
db:SEEBUGid:SSVID-74678
Trust: 0.1
db:VULHUBid:VHN-3549
Trust: 0.1
sources:
            
            
            CERT/CC: VU#228186 // 
            
            
            
            VULHUB: VHN-3549 // 
            
            
            
            BID: 2684 // 
            
            
            
            CNNVD: CNNVD-200110-075 // 
            
            
            
            NVD: CVE-2001-0741

REFERENCES
url:http://www.securityfocus.com/bid/2684
Trust: 2.5
url:http://archives.neohapsis.com/archives/bugtraq/2001-05/0035.html
Trust: 1.7
url:http://www.cisco.com/networkers/nw00/pres/2402.pdf
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6497
Trust: 1.1
url:http://www.faqs.org/rfcs/rfc2281.html
Trust: 0.8
url:http://www.cisco.com/warp/public/619/3.html
Trust: 0.8
url:http://www.cisco.com/warp/public/619/hsrpguidetoc.html
Trust: 0.8
url:http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt1/1cdip.htm#xtocid1715023
Trust: 0.8
url:http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs009.htm#xtocid122331
Trust: 0.8
url:http://xforce.iss.net/static/6497.php
Trust: 0.6
sources:
            
            
            CERT/CC: VU#228186 // 
            
            
            
            VULHUB: VHN-3549 // 
            
            
            
            CNNVD: CNNVD-200110-075 // 
            
            
            
            NVD: CVE-2001-0741

CREDITS
This vulnerability was announced by bashis <bash@ns.wcd.se> via Bugtraq on May 3, 2001.
Trust: 0.9
sources:
            
            
            BID: 2684 // 
            
            
            
            CNNVD: CNNVD-200110-075

SOURCES
db:CERT/CCid:VU#228186
db:VULHUBid:VHN-3549
db:BIDid:2684
db:CNNVDid:CNNVD-200110-075
db:NVDid:CVE-2001-0741

LAST UPDATE DATE
2025-04-03T22:37:42.188000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#228186date:2001-12-18T00:00:00
db:VULHUBid:VHN-3549date:2017-10-10T00:00:00
db:BIDid:2684date:2009-07-11T06:06:00
db:CNNVDid:CNNVD-200110-075date:2005-05-13T00:00:00
db:NVDid:CVE-2001-0741date:2025-04-03T01:03:51.193

SOURCES RELEASE DATE
db:CERT/CCid:VU#228186date:2001-12-13T00:00:00
db:VULHUBid:VHN-3549date:2001-10-18T00:00:00
db:BIDid:2684date:2001-05-03T00:00:00
db:CNNVDid:CNNVD-200110-075date:2001-10-18T00:00:00
db:NVDid:CVE-2001-0741date:2001-10-18T04:00:00