cvelistv5 - cve-2010-0576

CVE-2010-0576 (GCVE-0-2010-0576)

Vulnerability from cvelistv5

Published

2010-03-25 20:31

Modified

2024-08-07 00:52

Severity ?

CWE

Summary

Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers to cause a denial of service (device reload or process restart) via a crafted LDP packet, aka Bug IDs CSCsz45567 and CSCsj25893.

References

URL

Tags

	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20ee2.shtml	vendor-advisory, x_refsource_CISCO
	http://www.securityfocus.com/bid/38938	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/57143	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/39065	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1023740	vdb-entry, x_refsource_SECTRACK
	http://osvdb.org/63188	vdb-entry, x_refsource_OSVDB
	http://www.vupen.com/english/advisories/2010/0707	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:52:19.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20100324 Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20ee2.shtml"
          },
          {
            "name": "38938",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38938"
          },
          {
            "name": "ciscoios-ldp-dos(57143)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57143"
          },
          {
            "name": "39065",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39065"
          },
          {
            "name": "1023740",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023740"
          },
          {
            "name": "63188",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/63188"
          },
          {
            "name": "ADV-2010-0707",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0707"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers to cause a denial of service (device reload or process restart) via a crafted LDP packet, aka Bug IDs CSCsz45567 and CSCsj25893."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20100324 Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20ee2.shtml"
        },
        {
          "name": "38938",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38938"
        },
        {
          "name": "ciscoios-ldp-dos(57143)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57143"
        },
        {
          "name": "39065",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39065"
        },
        {
          "name": "1023740",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023740"
        },
        {
          "name": "63188",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/63188"
        },
        {
          "name": "ADV-2010-0707",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0707"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2010-0576",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers to cause a denial of service (device reload or process restart) via a crafted LDP packet, aka Bug IDs CSCsz45567 and CSCsj25893."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20100324 Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20ee2.shtml"
            },
            {
              "name": "38938",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38938"
            },
            {
              "name": "ciscoios-ldp-dos(57143)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57143"
            },
            {
              "name": "39065",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39065"
            },
            {
              "name": "1023740",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023740"
            },
            {
              "name": "63188",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/63188"
            },
            {
              "name": "ADV-2010-0707",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0707"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2010-0576",
    "datePublished": "2010-03-25T20:31:00.000Z",
    "dateReserved": "2010-02-10T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:52:19.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-136

Vulnerability from certfr_avis

De multiples vulnérabilités dans les systèmes Cisco IOS permettent de provoquer un déni de service à distance ou d'exécuter du code arbitraire à distance.

Description

De multiples vulnérabilités ont été découvertes dans les systèmes Cisco IOS :

une erreur dans la gestion des flux réseaux servant à l'échange des clés cryptographiques peut être exploitée afin de provoquer un redémarrage de Cisco IOS ;
un message SCCP (protocole propriétaire Skinny Call Control Protocol) spécialement conçu peut faire redémarrer Cisco IOS ;
un paquet réseau LDP UDP (technologie liée aux réseaux MPLS) spécialement conçu peut faire redémarrer Cisco IOS ;
deux vulnérabilités existent dans le code H.323 de Cisco IOS, une exploitation réussie de ces vulnérabilités provoque un déni de service à distance ou une exécution de code arbitraire à distance ;
plusieurs vulnérabilités ont été découvertes dans le code SIP de Cisco IOS, une exploitation réussie de ces vulnérabilités provoquent un déni de service à distance ou une exécution de code arbitraire à distance ;
un segment TCP spécialement conçu peut bloquer ou faire redémarrer Cisco IOS.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	IOS XE	Cisco IOS XE 2.x ;
Cisco	IOS XR	Cisco IOS XR 3.x.
Cisco	IOS	Cisco IOS 12.x et 15.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco 20100324-sip du 24 mars 2010	None	vendor-advisory
Bulletin de sécurité Cisco 20100324-ipsec du 24 mars 2010	None	vendor-advisory
Bulletin de sécurité Cisco 20100324-sccp du 24 mars 2010	None	vendor-advisory
Bulletin de sécurité Cisco 20100324-h323 du 24 mars 2010	None	vendor-advisory
Bulletin de sécurité Cisco 20100324-tcp du 24 mars 2010	None	vendor-advisory
Bulletin de sécurité Cisco 20100324-ldp du 24 mars 2010	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco IOS XE 2.x ;",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS XR 3.x.",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS 12.x et 15.x ;",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les syst\u00e8mes Cisco\nIOS :\n\n-   une erreur dans la gestion des flux r\u00e9seaux servant \u00e0 l\u0027\u00e9change des\n    cl\u00e9s cryptographiques peut \u00eatre exploit\u00e9e afin de provoquer un\n    red\u00e9marrage de Cisco IOS ;\n-   un message SCCP (protocole propri\u00e9taire Skinny Call Control\n    Protocol) sp\u00e9cialement con\u00e7u peut faire red\u00e9marrer Cisco IOS ;\n-   un paquet r\u00e9seau LDP UDP (technologie li\u00e9e aux r\u00e9seaux MPLS)\n    sp\u00e9cialement con\u00e7u peut faire red\u00e9marrer Cisco IOS ;\n-   deux vuln\u00e9rabilit\u00e9s existent dans le code H.323 de Cisco IOS, une\n    exploitation r\u00e9ussie de ces vuln\u00e9rabilit\u00e9s provoque un d\u00e9ni de\n    service \u00e0 distance ou une ex\u00e9cution de code arbitraire \u00e0 distance ;\n-   plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le code SIP de\n    Cisco IOS, une exploitation r\u00e9ussie de ces vuln\u00e9rabilit\u00e9s provoquent\n    un d\u00e9ni de service \u00e0 distance ou une ex\u00e9cution de code arbitraire \u00e0\n    distance ;\n-   un segment TCP sp\u00e9cialement con\u00e7u peut bloquer ou faire red\u00e9marrer\n    Cisco IOS.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0584"
    },
    {
      "name": "CVE-2010-0583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0583"
    },
    {
      "name": "CVE-2010-0577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0577"
    },
    {
      "name": "CVE-2010-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0580"
    },
    {
      "name": "CVE-2010-0581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0581"
    },
    {
      "name": "CVE-2010-0582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0582"
    },
    {
      "name": "CVE-2010-0578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0578"
    },
    {
      "name": "CVE-2010-0579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0579"
    },
    {
      "name": "CVE-2010-0576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0576"
    }
  ],
  "initial_release_date": "2010-03-26T00:00:00",
  "last_revision_date": "2010-03-26T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-136",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans les syst\u00e8mes Cisco IOS permettent de\nprovoquer un d\u00e9ni de service \u00e0 distance ou d\u0027ex\u00e9cuter du code arbitraire\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco IOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20100324-sip du 24 mars 2010",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20100324-sip.shtml"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20100324-ipsec du 24 mars 2010",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20100324-ipsec.shtml"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20100324-sccp du 24 mars 2010",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20100324-sccp.shtml"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20100324-h323 du 24 mars 2010",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20100324-h323.shtml"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20100324-tcp du 24 mars 2010",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20100324-tcp.shtml"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20100324-ldp du 24 mars 2010",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20100324-ldp.shtml"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-0576 (GCVE-0-2010-0576)

Vulnerability from cvelistv5

CERTA-2010-AVI-136

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature