CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.7 | $0-$5k | 0.00 |
A vulnerability was found in Cisco Content Switching Modules up to 4.1 and classified as critical. This issue affects some unknown functionality. The manipulation with an unknown input leads to a config vulnerability. Using CWE to declare the problem leads to CWE-16. Impacted is availability. The summary by CVE is:
Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.6, when service termination is enabled, allow remote attackers to cause a denial of service (reboot) via unspecified vectors related to high network utilization, aka CSCsh57876.
The bug was discovered 09/05/2007. The weakness was published 09/05/2007 (Website). The advisory is shared at cisco.com. The identification of this vulnerability is CVE-2007-4789 since 09/10/2007. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1592.004 for this issue.
It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $5k-$25k.
Upgrading to version 4.2 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at X-Force (36453). Similar entry is available at 38704.
Product
Vendor
Name
Version
License
Support
- end of life (old version)
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 6.7
VulDB Base Score: 7.5
VulDB Temp Score: 6.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: ConfigCWE: CWE-16
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Content Switching Modules 4.2
Timeline
09/05/2007 🔍09/05/2007 🔍
09/05/2007 🔍
09/05/2007 🔍
09/05/2007 🔍
09/06/2007 🔍
09/06/2007 🔍
09/09/2007 🔍
09/10/2007 🔍
09/10/2007 🔍
03/16/2015 🔍
07/25/2019 🔍
Sources
Vendor: cisco.comAdvisory: cisco.com
Status: Confirmed
CVE: CVE-2007-4789 (🔍)
X-Force: 36453
SecurityTracker: 1018654
Vulnerability Center: 15992 - [cisco-sa-20070905-csm] CSM and CSM-S Vulnerability Allows DoS via Unspecified Vectors, Medium
SecurityFocus: 25547 - Cisco Content Switching Modules Multiple Remote Denial of Service Vulnerabilities
Secunia: 26724
OSVDB: 37501 - Cisco Content Switching Modules (CSM / CSM-S) Unspecified Consumption DoS
Vupen: ADV-2007-3062
See also: 🔍
Entry
Created: 03/16/2015 12:18Updated: 07/25/2019 12:44
Changes: 03/16/2015 12:18 (70), 07/25/2019 12:44 (1)
Complete: 🔍
Cache ID: 18:8B2:103
No comments yet. Languages: en.
Please log in to comment.