National Vulnerability Database (NVD) National Vulnerability Database (CVE-2010-4670)

National Cyber Awareness System

Vulnerability Summary for CVE-2010-4670

Original release date:01/07/2011

Last revised:02/02/2011

Source: US-CERT/NIST

Overview

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) (legend)

Impact Subscore: 6.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows disruption of serviceUnknown

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: XF

Name: asa-pix-nd-dos(64598)

Hyperlink:http://xforce.iss.net/xforce/xfdb/64598

External Source: MISC

Name: http://www.youtube.com/watch?v=00yjWB6gGy8

Hyperlink:http://www.youtube.com/watch?v=00yjWB6gGy8

External Source: SECTRACK

Name: 1024963

Hyperlink:http://www.securitytracker.com/id?1024963

External Source: BID

Name: 45760

Hyperlink:http://www.securityfocus.com/bid/45760

External Source: CONFIRM

Name: http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf

Hyperlink:http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf

External Source: MISC

Name: http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4

Hyperlink:http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4

External Source: MISC

Name: http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3

Hyperlink:http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3

External Source: MISC

Name: http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html

Hyperlink:http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html

Vulnerable software and versions

Configuration 1

AND

* cpe:/a:cisco:adaptive_security_appliance_software:7.2.1

* cpe:/a:cisco:adaptive_security_appliance_software:8.0

* cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.8%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.7%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.5%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.48%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.18%29

* cpe:/a:cisco:adaptive_security_appliance_software:8.0.5

* cpe:/a:cisco:adaptive_security_appliance_software:8.0.4

* cpe:/a:cisco:adaptive_security_appliance_software:8.0.3

* cpe:/a:cisco:adaptive_security_appliance_software:8.0.2

* cpe:/a:cisco:adaptive_security_appliance_software:7.2.5

* cpe:/a:cisco:adaptive_security_appliance_software:7.2.4

* cpe:/a:cisco:adaptive_security_appliance_software:7.2.3

* cpe:/a:cisco:adaptive_security_appliance_software:7.2.2

* cpe:/a:cisco:adaptive_security_appliance_software:7.0.1

* cpe:/a:cisco:adaptive_security_appliance_software:8.2.1

* cpe:/a:cisco:adaptive_security_appliance_software:8.2.2

* cpe:/a:cisco:adaptive_security_appliance_software:7.1.1

* cpe:/a:cisco:adaptive_security_appliance_software:7.1.2

* cpe:/a:cisco:adaptive_security_appliance_software:7.0.7

* cpe:/a:cisco:adaptive_security_appliance_software:7.0.8

* cpe:/a:cisco:adaptive_security_appliance_software:7.0.5

* cpe:/a:cisco:adaptive_security_appliance_software:7.0.6

* cpe:/a:cisco:adaptive_security_appliance_software:7.0.2

* cpe:/a:cisco:adaptive_security_appliance_software:7.0.4

* cpe:/a:cisco:adaptive_security_appliance_software:7.0%280%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.0%285%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.0

* cpe:/a:cisco:adaptive_security_appliance_software:7.0%286.7%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.0%285.2%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.0%284%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.0%282%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.2

* cpe:/a:cisco:adaptive_security_appliance_software:7.1

* cpe:/a:cisco:adaptive_security_appliance_software:7.1%282.48%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.1%282.49%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.1%282.5%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.1%285%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.0.1.4

* cpe:/a:cisco:adaptive_security_appliance_software:7.0.4.3

* cpe:/a:cisco:adaptive_security_appliance_software:7.1%282%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.1%282.27%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.14%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.15%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.16%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.17%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.2%281%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.2%281.22%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.2%282%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.10%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.0.8:interim

* cpe:/a:cisco:adaptive_security_appliance_software:8.2.2:interim

* cpe:/a:cisco:adaptive_security_appliance_software:8.2%281%29

* cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.19%29

* cpe:/a:cisco:adaptive_security_appliance_software:8.2%282%29

* cpe:/a:cisco:adaptive_security_appliance_software:8.2%283%29 and previous versions

* cpe:/h:cisco:5500_series_adaptive_security_appliance

* cpe:/h:cisco:asa_5500

* cpe:/h:cisco:pix_security_appliance

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Resource Management Errors (CWE-399)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4670