VAR-200110-0021
Vulnerability from variot - Updated: 2025-04-03 22:37Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets. A denial-of-service vulnerability exists in the Hot Standby Router Protocol (HSRP) . It is designed to offer traffic rerouting services to networks when one router within a pool ceases to operate, and users of the network segment aren't using ICMP Router Discovery Protocol to find the new router handling traffic for their segment. By eavesdropping on HSRP management messages sent over the network, it is possible to create a spoofed message that will reroute all network traffic to a particular system. By doing so, it is possible to prevent traffic from entering or leaving that network. This problem makes it possible for system local to the network to deny service to legitmate users of that network segment
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200110-0021",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hsrp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "hsrp",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "hsrp rfc2281",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#228186"
},
{
"db": "BID",
"id": "2684"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-075"
},
{
"db": "NVD",
"id": "CVE-2001-0741"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was announced by bashis \u003cbash@ns.wcd.se\u003e via Bugtraq on May 3, 2001.",
"sources": [
{
"db": "BID",
"id": "2684"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-075"
}
],
"trust": 0.9
},
"cve": "CVE-2001-0741",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2001-0741",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-3549",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2001-0741",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#228186",
"trust": 0.8,
"value": "6.33"
},
{
"author": "CNNVD",
"id": "CNNVD-200110-075",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-3549",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#228186"
},
{
"db": "VULHUB",
"id": "VHN-3549"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-075"
},
{
"db": "NVD",
"id": "CVE-2001-0741"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets. A denial-of-service vulnerability exists in the Hot Standby Router Protocol (HSRP) . It is designed to offer traffic rerouting services to networks when one router within a pool ceases to operate, and users of the network segment aren\u0027t using ICMP Router Discovery Protocol to find the new router handling traffic for their segment. By eavesdropping on HSRP management messages sent over the network, it is possible to create a spoofed message that will reroute all network traffic to a particular system. By doing so, it is possible to prevent traffic from entering or leaving that network. \nThis problem makes it possible for system local to the network to deny service to legitmate users of that network segment",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0741"
},
{
"db": "CERT/CC",
"id": "VU#228186"
},
{
"db": "BID",
"id": "2684"
},
{
"db": "VULHUB",
"id": "VHN-3549"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-3549",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3549"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "2684",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2001-0741",
"trust": 2.0
},
{
"db": "CERT/CC",
"id": "VU#228186",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200110-075",
"trust": 0.7
},
{
"db": "XF",
"id": "6497",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010503 CISCO HSRP WEAKNESS/DOS",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "20821",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-74678",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-3549",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#228186"
},
{
"db": "VULHUB",
"id": "VHN-3549"
},
{
"db": "BID",
"id": "2684"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-075"
},
{
"db": "NVD",
"id": "CVE-2001-0741"
}
]
},
"id": "VAR-200110-0021",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-3549"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:37:42.188000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0741"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/2684"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0035.html"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/networkers/nw00/pres/2402.pdf"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6497"
},
{
"trust": 0.8,
"url": "http://www.faqs.org/rfcs/rfc2281.html"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/619/3.html"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/619/hsrpguidetoc.html"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt1/1cdip.htm#xtocid1715023"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs009.htm#xtocid122331"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/6497.php"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#228186"
},
{
"db": "VULHUB",
"id": "VHN-3549"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-075"
},
{
"db": "NVD",
"id": "CVE-2001-0741"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#228186"
},
{
"db": "VULHUB",
"id": "VHN-3549"
},
{
"db": "BID",
"id": "2684"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-075"
},
{
"db": "NVD",
"id": "CVE-2001-0741"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-12-13T00:00:00",
"db": "CERT/CC",
"id": "VU#228186"
},
{
"date": "2001-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-3549"
},
{
"date": "2001-05-03T00:00:00",
"db": "BID",
"id": "2684"
},
{
"date": "2001-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200110-075"
},
{
"date": "2001-10-18T04:00:00",
"db": "NVD",
"id": "CVE-2001-0741"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-12-18T00:00:00",
"db": "CERT/CC",
"id": "VU#228186"
},
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-3549"
},
{
"date": "2009-07-11T06:06:00",
"db": "BID",
"id": "2684"
},
{
"date": "2005-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200110-075"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2001-0741"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200110-075"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hot Standby Router Protocol (HSRP) uses weak authentication",
"sources": [
{
"db": "CERT/CC",
"id": "VU#228186"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200110-075"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…