CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-4650

Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.5%

CVSS Severity

CVSS v2 Score 2.6

References

http://secunia.com/advisories/21783
http://securityreason.com/securityalert/1526
http://securitytracker.com/id?1016799
http://www.cisco.com/en/US/tech/tk827/tk369/tsd_technology_security_response09186a008072cd7b.html
http://www.osvdb.org/28590
http://www.phenoelit.de/stuff/CiscoGRE.txt
http://www.securityfocus.com/archive/1/445322/100/0/threaded
http://www.securityfocus.com/bid/19878
http://www.vupen.com/english/advisories/2006/3502
https://exchange.xforce.ibmcloud.com/vulnerabilities/28786
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5713
http://secunia.com/advisories/21783
http://securityreason.com/securityalert/1526
http://securitytracker.com/id?1016799
http://www.cisco.com/en/US/tech/tk827/tk369/tsd_technology_security_response09186a008072cd7b.html
http://www.osvdb.org/28590
http://www.phenoelit.de/stuff/CiscoGRE.txt
http://www.securityfocus.com/archive/1/445322/100/0/threaded
http://www.securityfocus.com/bid/19878
http://www.vupen.com/english/advisories/2006/3502
https://exchange.xforce.ibmcloud.com/vulnerabilities/28786
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5713

Products affected by CVE-2006-4650

Cisco » Ios » Version: 12.0

cpe:2.3:o:cisco:ios:12.0
Cisco » Ios » Version: 12.1

cpe:2.3:o:cisco:ios:12.1
Cisco » Ios » Version: 12.2

cpe:2.3:o:cisco:ios:12.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-4650

Products

Pricing

Contact Us