Details of VAR-200709-0062

ID

VAR-200709-0062

CVE

CVE-2007-5134

TITLE

Cisco Catalyst 6500 and Cisco 7600 Loopback in the series IP Address restriction bypass vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-000717

DESCRIPTION

Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP addresses for Ethernet Out-of-Band Channel (EOBC) internal communication, which might allow remote attackers to send packets to an interface for which network exposure was unintended. Attackers may leverage this issue to access a device from an unauthorized remote location; this may aid in further attacks. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications. Request your account, the Secunia Network Software Inspector (NSI): http://secunia.com/network_software_inspector/ ---------------------------------------------------------------------- TITLE: Cisco Catalyst 6500 / Cisco 7600 Series Devices Accessible Loopback Address Weakness SECUNIA ADVISORY ID: SA26988 VERIFY ADVISORY: http://secunia.com/advisories/26988/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Cisco 7600 Series 12.x http://secunia.com/product/15865/ Cisco Catalyst 6500 Series 12.x http://secunia.com/product/15864/ DESCRIPTION: A weakness has been reported in Cisco Catalyst 6500 and Cisco 7600 series devices, which can be exploited by malicious people to bypass certain security restrictions. The problem is that packets destined for the 127.0.0.0/8 network may be received and processed by e.g. the Supervisor module or Multilayer Switch Feature Card (MSFC). This can be exploited to e.g. bypass existing access control lists. Successful exploitation requires that systems are running Hybrid Mode (Catalyst OS (CatOS) software on the Supervisor Engine and IOS Software on the MSFC) or Native Mode (IOS Software on both the Supervisor Engine and the MSFC). The weakness is reported in all software versions on Cisco Catalyst 6500 and Cisco 7600 series prior to 12.2(33)SXH. SOLUTION: Update to 12.2(33)SXH. PROVIDED AND/OR DISCOVERED BY: The vendor credits Lee E. Rian. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20070926-lb.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-5134 // JVNDB: JVNDB-2007-000717 // BID: 25822 // VULHUB: VHN-28496 // PACKETSTORM: 59638

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst 6500 ws-svc-nam-2	scope:	eq	version:	2.2\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 6500 ws-svc-nam-1	scope:	eq	version:	2.2\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 6500 ws-x6380-nam	scope:	eq	version:	2.1\(2\)	Trust: 1.6
vendor:	cisco	model:	catalyst 6500 ws-svc-nam-1	scope:	eq	version:	3.1\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 7600 ws-svc-nam-1	scope:	eq	version:	2.2\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 6500 ws-x6380-nam	scope:	eq	version:	3.1\(1a\)	Trust: 1.6
vendor:	cisco	model:	catos	scope:	eq	version:	7.6\(1\)	Trust: 1.0
vendor:	cisco	model:	catalyst 7600 ws-svc-nam-2	scope:	eq	version:	3.1\(1a\)	Trust: 1.0
vendor:	cisco	model:	catos	scope:	eq	version:	5.4\(1\)	Trust: 1.0
vendor:	cisco	model:	catalyst 6500 ws-svc-nam-2	scope:	eq	version:	3.1\(1a\)	Trust: 1.0
vendor:	cisco	model:	catalyst 6500	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	catalyst 7600 ws-x6380-nam	scope:	eq	version:	2.1\(2\)	Trust: 1.0
vendor:	cisco	model:	catalyst 7600 ws-x6380-nam	scope:	eq	version:	3.1\(1a\)	Trust: 1.0
vendor:	cisco	model:	catos	scope:	eq	version:	7.5\(1\)	Trust: 1.0
vendor:	cisco	model:	catalyst 7600 ws-svc-nam-1	scope:	eq	version:	3.1\(1a\)	Trust: 1.0
vendor:	cisco	model:	catalyst 7600 ws-svc-nam-2	scope:	eq	version:	2.2\(1a\)	Trust: 1.0
vendor:	cisco	model:	catalyst 7600	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	7600 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	catalyst 6500 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	catalyst 6500	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 7600	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 7600	scope:	eq	version:	sup2_msfc2	Trust: 0.6
vendor:	cisco	model:	catalyst 7600	scope:	eq	version:	sup720_msfc3	Trust: 0.6
vendor:	cisco	model:	catalyst ws-x6380-nam	scope:	eq	version:	76003.1	Trust: 0.3
vendor:	cisco	model:	catalyst ws-svc-nam-2	scope:	eq	version:	76003.1	Trust: 0.3
vendor:	cisco	model:	catalyst ws-svc-nam-1	scope:	eq	version:	76003.1	Trust: 0.3
vendor:	cisco	model:	catalyst ws-svc-nam-2	scope:	eq	version:	76002.2	Trust: 0.3
vendor:	cisco	model:	catalyst ws-svc-nam-1	scope:	eq	version:	76002.2	Trust: 0.3
vendor:	cisco	model:	catalyst ws-x6380-nam	scope:	eq	version:	76002.1	Trust: 0.3
vendor:	cisco	model:	catalyst sup720/msfc3	scope:	eq	version:	7600	Trust: 0.3
vendor:	cisco	model:	catalyst sup2/msfc2	scope:	eq	version:	7600	Trust: 0.3
vendor:	cisco	model:	catalyst	scope:	eq	version:	65007.6(1)	Trust: 0.3
vendor:	cisco	model:	catalyst	scope:	eq	version:	65007.5(1)	Trust: 0.3
vendor:	cisco	model:	catalyst	scope:	eq	version:	65005.4.1	Trust: 0.3
vendor:	cisco	model:	catalyst ws-x6380-nam	scope:	eq	version:	65003.1	Trust: 0.3
vendor:	cisco	model:	catalyst ws-svc-nam-2	scope:	eq	version:	65003.1	Trust: 0.3
vendor:	cisco	model:	catalyst ws-svc-nam-1	scope:	eq	version:	65003.1	Trust: 0.3
vendor:	cisco	model:	catalyst ws-svc-nam-2	scope:	eq	version:	65002.2	Trust: 0.3
vendor:	cisco	model:	catalyst ws-svc-nam-1	scope:	eq	version:	65002.2	Trust: 0.3
vendor:	cisco	model:	catalyst ws-x6380-nam	scope:	eq	version:	65002.1	Trust: 0.3
vendor:	cisco	model:	catalyst	scope:	eq	version:	6500	Trust: 0.3
vendor:	cisco	model:	catalyst	scope:	eq	version:	7600	Trust: 0.3

sources: BID: 25822 // JVNDB: JVNDB-2007-000717 // NVD: CVE-2007-5134 // CNNVD: CNNVD-200709-409

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2007-5134
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-200709-409
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-28496
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2007-5134
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-28496
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-28496 // JVNDB: JVNDB-2007-000717 // NVD: CVE-2007-5134 // CNNVD: CNNVD-200709-409

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-28496 // JVNDB: JVNDB-2007-000717 // NVD: CVE-2007-5134

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200709-409

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200709-409

CONFIGURATIONS

sources: NVD: CVE-2007-5134

PATCH

title:

cisco-sr-20070926-lb

url:

http://www.cisco.com/warp/public/707/cisco-sr-20070926-lb.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2007-000717

EXTERNAL IDS

db:	BID	id:	25822	Trust: 2.8
db:	NVD	id:	CVE-2007-5134	Trust: 2.8
db:	SECUNIA	id:	26988	Trust: 2.6
db:	SECTRACK	id:	1018742	Trust: 2.5
db:	SECTRACK	id:	1018743	Trust: 1.7
db:	VUPEN	id:	ADV-2007-3276	Trust: 1.7
db:	XF	id:	36826	Trust: 1.4
db:	JVNDB	id:	JVNDB-2007-000717	Trust: 0.8
db:	FULLDISC	id:	20070927 RE: CAT6500 ACCESSIBLE VIA 127.0.0.X LOOPBACK ADDRESSES	Trust: 0.6
db:	CISCO	id:	20070926 CATALYST 6500 AND CISCO 7600 SERIES DEVICES ACCESSIBLE VIA LOOPBACK ADDRESS	Trust: 0.6
db:	CNNVD	id:	CNNVD-200709-409	Trust: 0.6
db:	VULHUB	id:	VHN-28496	Trust: 0.1
db:	PACKETSTORM	id:	59638	Trust: 0.1

sources: VULHUB: VHN-28496 // BID: 25822 // JVNDB: JVNDB-2007-000717 // PACKETSTORM: 59638 // NVD: CVE-2007-5134 // CNNVD: CNNVD-200709-409

REFERENCES

url:	http://www.securityfocus.com/bid/25822	Trust: 2.5
url:	http://securitytracker.com/id?1018742	Trust: 2.5
url:	http://www.cisco.com/warp/public/707/cisco-sr-20070926-lb.shtml	Trust: 2.1
url:	http://seclists.org/fulldisclosure/2007/sep/0573.html	Trust: 1.7
url:	http://www.securitytracker.com/id?1018743	Trust: 1.7
url:	http://secunia.com/advisories/26988	Trust: 1.7
url:	http://www.frsirt.com/english/advisories/2007/3276	Trust: 1.4
url:	http://xforce.iss.net/xforce/xfdb/36826	Trust: 1.4
url:	http://www.vupen.com/english/advisories/2007/3276	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/36826	Trust: 1.1
url:	http://secunia.com/advisories/26988/	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5134	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5134	Trust: 0.8
url:	http://www.cisco.com/en/us/products/hw/switches/index.html	Trust: 0.3
url:	http://secunia.com/product/15865/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/network_software_inspector/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/15864/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-28496 // BID: 25822 // JVNDB: JVNDB-2007-000717 // PACKETSTORM: 59638 // NVD: CVE-2007-5134 // CNNVD: CNNVD-200709-409

CREDITS

Lee E. Rian

Trust: 0.6

sources: CNNVD: CNNVD-200709-409

SOURCES

db:	VULHUB	id:	VHN-28496
db:	BID	id:	25822
db:	JVNDB	id:	JVNDB-2007-000717
db:	PACKETSTORM	id:	59638
db:	NVD	id:	CVE-2007-5134
db:	CNNVD	id:	CNNVD-200709-409

LAST UPDATE DATE

2023-12-18T13:10:22.350000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-28496	date:	2017-07-29T00:00:00
db:	BID	id:	25822	date:	2015-05-07T17:35:00
db:	JVNDB	id:	JVNDB-2007-000717	date:	2007-10-09T00:00:00
db:	NVD	id:	CVE-2007-5134	date:	2017-07-29T01:33:25.053
db:	CNNVD	id:	CNNVD-200709-409	date:	2007-10-01T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-28496	date:	2007-09-27T00:00:00
db:	BID	id:	25822	date:	2007-09-26T00:00:00
db:	JVNDB	id:	JVNDB-2007-000717	date:	2007-10-09T00:00:00
db:	PACKETSTORM	id:	59638	date:	2007-09-27T23:54:21
db:	NVD	id:	CVE-2007-5134	date:	2007-09-27T19:17:00
db:	CNNVD	id:	CNNVD-200709-409	date:	2007-09-27T00:00:00