ID

VAR-200702-0313


CVE

CVE-2007-0917


TITLE

Detection evasion vulnerability in the IPS function of Cisco IOS

Trust: 0.8

sources: JVNDB: JVNDB-2007-000140

DESCRIPTION

The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets. Cisco IOS is prone to a security-bypass vulnerability and a denial-of-service vulnerability. An attacker could exploit the security-bypass issue to send malicious data to computers that would otherwise be protected by signature inspection. An attacker could exploit the denial-of-service vulnerability to crash affected devices, denying service to legitimate users. Several vulnerabilities exist in the IOS IPS function, and only IOS images that include the IPS function are affected by these vulnerabilities. All IP protocols (such as TCP, UDP, ICMP) are affected by this vulnerability.

ATOMIC.TCP Regular Expression Denial of Service Vulnerability

Certain network communications may trigger IPS signatures using the regular expression capabilities of the ATOMIC.TCP signature engine, resulting in denial of service and interruption of network communications.

----------------------------------------------------------------------

TITLE: Cisco IOS IPS Security Bypass and Denial of Service

SECUNIA ADVISORY ID: SA24142

VERIFY ADVISORY: http://secunia.com/advisories/24142/

CRITICAL: Moderately critical

IMPACT: Security Bypass, DoS

WHERE: From remote

OPERATING SYSTEM:
Cisco IOS R12.x http://secunia.com/product/50/
Cisco IOS 12.x http://secunia.com/product/182/

DESCRIPTION: Two vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).

This can be exploited to bypass the detection mechanism by sending specially crafted, fragmented IP packets.

2) An error exists within the ATOMIC.TCP scanning mechanism and signatures, which use regular expressions (e.g. Signature 3123.0 for Netbus Pro Traffic). This can be exploited to crash a device by producing specially crafted network traffic.

SOLUTION: See the vendor advisory for a patch matrix and workarounds.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20070213-iosips.shtml
http://www.cisco.com/en/US/products/products_security_response09186a00807e0a5e.html

Trust: 2.07

sources: NVD: CVE-2007-0917 // JVNDB: JVNDB-2007-000140 // BID: 22549 // VULHUB: VHN-24279 // PACKETSTORM: 54399

AFFECTED PRODUCTS

vendor: cisco | model: ios 12.3 t | scope: - | version: -

Trust: 3.3

vendor: cisco | model: ios | scope: eq | version: 12.4

Trust: 2.1

vendor: cisco | model: ios | scope: eq | version: 12.3xx

Trust: 1.9

vendor: cisco | model: ios | scope: eq | version: 12.3xw

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 12.3ym

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 12.3yk

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 12.3xr

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 12.3xq

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 12.3xs

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 12.3yj

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 12.3ya

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 12.3xy

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 12.3t

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 12.3yd

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 12.3yq

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 12.4mr

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 12.3yz

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 12.3ys

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 12.3yi

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 12.4t

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 12.3yg

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 12.3yx

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 12.4xa

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 12.4xb

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 12.3yh

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 12.3yt

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 12.3

Trust: 0.8

vendor: cisco | model: ios 12.4xe | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.4xb | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.4xa | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.4t | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.4mr | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3yz | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3yx | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3yt | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3ys | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3yq | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3ym | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3yk | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3yj | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3yi | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3yh | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3yg | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3yd | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3ya | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3xy | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3xw | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3xs | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3xr | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3xq | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.3t | scope: - | version: -

Trust: 0.3

sources: BID: 22549 // JVNDB: JVNDB-2007-000140 // CNNVD: CNNVD-200702-265 // NVD: CVE-2007-0917

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0917
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-0917
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200702-265
value: MEDIUM

Trust: 0.6

VULHUB: VHN-24279
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-0917
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-24279
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-24279 // JVNDB: JVNDB-2007-000140 // CNNVD: CNNVD-200702-265 // NVD: CVE-2007-0917

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0917

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200702-265

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200702-265

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000140

PATCH

title: cisco-sa-20070213-iosips | url: http://www.cisco.com/warp/public/707/cisco-sa-20070213-iosips.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2007-000140

EXTERNAL IDS

db: NVD | id: CVE-2007-0917

Trust: 2.8

db: BID | id: 22549

Trust: 2.8

db: SECUNIA | id: 24142

Trust: 2.6

db: SECTRACK | id: 1017631

Trust: 1.7

db: VUPEN | id: ADV-2007-0597

Trust: 1.7

db: OSVDB | id: 33052

Trust: 1.7

db: JVNDB | id: JVNDB-2007-000140

Trust: 0.8

db: CNNVD | id: CNNVD-200702-265

Trust: 0.7

db: XF | id: 32473

Trust: 0.6

db: OVAL | id: OVAL:ORG.MITRE.OVAL:DEF:5858

Trust: 0.6

db: CISCO | id: 20070213 MULTIPLE IOS IPS VULNERABILITIES

Trust: 0.6

db: VULHUB | id: VHN-24279

Trust: 0.1

db: PACKETSTORM | id: 54399

Trust: 0.1

sources: VULHUB: VHN-24279 // BID: 22549 // JVNDB: JVNDB-2007-000140 // PACKETSTORM: 54399 // CNNVD: CNNVD-200702-265 // NVD: CVE-2007-0917

REFERENCES

url:http://www.securityfocus.com/bid/22549

Trust: 2.5

url:http://www.cisco.com/en/us/products/products_security_response09186a00807e0a5e.html

Trust: 1.8

url:http://www.cisco.com/en/us/products/products_security_advisory09186a00807e0a5b.shtml

Trust: 1.7

url:http://osvdb.org/33052

Trust: 1.7

url:http://www.securitytracker.com/id?1017631

Trust: 1.7

url:http://secunia.com/advisories/24142

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2007/0597

Trust: 1.4

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5858

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/0597

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/32473

Trust: 1.1

url:http://secunia.com/advisories/24142/

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0917

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0917

Trust: 0.8

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5858

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/32473

Trust: 0.6

url:http://www.cisco.com/warp/public/707/cisco-sa-20070213-iosips.shtml

Trust: 0.4

url:http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html

Trust: 0.3

url:msg://bugtraq/200702131150.iosips@psirt.cisco.com

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/50/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/software_inspector/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/182/

Trust: 0.1

sources: VULHUB: VHN-24279 // BID: 22549 // JVNDB: JVNDB-2007-000140 // PACKETSTORM: 54399 // CNNVD: CNNVD-200702-265 // NVD: CVE-2007-0917

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200702-265

SOURCES

db: VULHUB | id: VHN-24279
db: BID | id: 22549
db: JVNDB | id: JVNDB-2007-000140
db: PACKETSTORM | id: 54399
db: CNNVD | id: CNNVD-200702-265
db: NVD | id: CVE-2007-0917

LAST UPDATE DATE

2025-04-10T23:16:51.584000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-24279 | date: 2017-10-11T00:00:00
db: BID | id: 22549 | date: 2016-07-06T14:40:00
db: JVNDB | id: JVNDB-2007-000140 | date: 2007-04-01T00:00:00
db: CNNVD | id: CNNVD-200702-265 | date: 2009-03-04T00:00:00
db: NVD | id: CVE-2007-0917 | date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB | id: VHN-24279 | date: 2007-02-14T00:00:00
db: BID | id: 22549 | date: 2007-02-13T00:00:00
db: JVNDB | id: JVNDB-2007-000140 | date: 2007-04-01T00:00:00
db: PACKETSTORM | id: 54399 | date: 2007-02-14T19:41:53
db: CNNVD | id: CNNVD-200702-265 | date: 2007-02-13T00:00:00
db: NVD | id: CVE-2007-0917 | date: 2007-02-14T02:28:00