Cisco IOS up to 12.2t ICMP Redirect Routing Table information disclosure
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.8 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Cisco IOS up to 12.2t. It has been rated as critical. The impacted element is an unknown function of the component ICMP Redirect Routing Table. This manipulation causes information disclosure. This vulnerability is tracked as CVE-2003-1398. The attack is possible to be carried out remotely. Moreover, an exploit is present. Upgrading the affected component is advised.
Details
A vulnerability was found in Cisco IOS up to 12.2t (Router Operating System). It has been declared as critical. Affected by this vulnerability is an unknown function of the component ICMP Redirect Routing Table. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
The weakness was disclosed 02/11/2003 by Damir Rajnovic with Cisco as not defined posting (Bugtraq). It is possible to read the advisory at securityfocus.com. This vulnerability is known as CVE-2003-1398 since 10/18/2007. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details are unknown but a public exploit is available. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.
It is possible to download the exploit at hping.org. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 11379 (Cisco IOS ICMP Redirect Message Spoofing Remote DoS (CSCdx92043)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and relying on port 161. The commercial vulnerability scanner Qualys is able to test this issue with plugin 43101 (Cisco IOS ICMP Redirect Routing Table Modification Vulnerability).
Upgrading eliminates this vulnerability. It is possible to mitigate the problem by applying the configuration setting no ip icmp redirect. The best possible mitigation is suggested to be upgrading to the latest version. Attack attempts may be identified with Snort ID 438.
The vulnerability is also documented in the databases at X-Force (11306), Tenable (11379), SecurityFocus (BID 6823†), OSVDB (51475†) and SecurityTracker (ID 1006075†). The entries VDB-807, VDB-811 and VDB-19109 are pretty similar. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.8VulDB Meta Temp Score: 8.8
VulDB Base Score: 9.8
VulDB Temp Score: 8.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Information disclosureCWE: CWE-200 / CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 11379
Nessus Name: Cisco IOS ICMP Redirect Message Spoofing Remote DoS (CSCdx92043)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Config: no ip icmp redirect
Snort ID: 438
Timeline
02/11/2003 🔍02/11/2003 🔍
02/11/2003 🔍
02/11/2003 🔍
03/14/2003 🔍
12/31/2003 🔍
04/09/2004 🔍
10/18/2007 🔍
01/28/2009 🔍
03/08/2021 🔍
Sources
Vendor: cisco.comAdvisory: securityfocus.com⛔
Researcher: Damir Rajnovic
Organization: Cisco
Status: Not defined
CVE: CVE-2003-1398 (🔍)
GCVE (CVE): GCVE-0-2003-1398
GCVE (VulDB): GCVE-100-7
X-Force: 11306 - Cisco IOS invalid ICMP redirects could reroute packets, Medium Risk
SecurityFocus: 6823 - Cisco IOS ICMP Redirect Routing Table Modification Vulnerability
OSVDB: 51475 - Cisco IOS ICMP Redirect Message Spoofing Remote DoS
SecurityTracker: 1006075
Vulnerability Center: 20660 - Cisco IOS 12-12.2 Remote Dos or Code Execution via False ICMP Redirect Messages, Critical
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 02/11/2003 01:00Updated: 03/08/2021 06:49
Changes: 02/11/2003 01:00 (62), 05/04/2019 19:05 (30), 03/08/2021 06:49 (3)
Complete: 🔍
Cache ID: 216:0EE:103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.