VAR-200212-0835
Vulnerability from variot - Updated: 2025-04-03 22:11Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network. Internet Operating System (IOS) is the firmware developed and maintained by Cisco for Cisco Routers. A system sending spoofed EIGRP announcements may cause a denial of service to all routers and systems on a given network segment. Due to improper limits in the attempt to discover routers, a neighbor announcement received by routers on a given network segment will result in an address resolution protocol (ARP) storm, filling network capacity while routers attempt to contact the announcing neighbor. Additionally, resources on the router such as CPU will also become bound while the router attempts to reach the announcing neighbor. It should be noted that it is also possible to exploit this vulnerability on systems that accept EIGRP announcements via unicast. Remote attackers can use this vulnerability to carry out denial of service attacks on routers and consume all bandwidth. EIGRP uses automatic discovery of neighbor routers for route discovery. An EIGRP router announces its existence by multicasting on enabled interfaces. If two routers discover each other, they will exchange current topology information, and both sides also need to obtain the MAC address of the other router. When using a random source IP address to generate an EIGRP neighbor advertisement, and perform a \'\'flood\'\' attack on the router or the entire network, all receiving CISCO routers will try to contact the sender, and the sender's IP address must be in the current router configuration in the subnet. There is a loophole in CISCO IOS. When contacting the sender, it will continue to request to send the MAC address. There is no timeout operation in this process, unless the EIGRP neighbor keeping time expires. This value is provided by the sender and can exceed 18 hours at most. Multiple neighbor advertisements using non-existent source IP addresses can cause the router to consume a large amount of CPU utilization and consume a large amount of bandwidth, resulting in a denial of service attack. Using IP multicast and EIGRP announcements will have a better attack effect. CISCO IOS versions lower than 12.0 can receive EIGRP Neighbor Advertisement in unicast mode, resulting in the possibility of attacks through the Internet. Arhont Ltd.- Information Security
Arhont Advisory by: Arhont Ltd Advisory: Unauthenticated EIGRP DoS Class: design bug Version: EIGRP version 1.2 Model Specific: Other versions might have the same bug
DETAILS:
We have used our custom EIGRP packet generator written on Perl to evaluate the security of the EIGRP routing protocol.
In the initial generator testing stage we have successfully reproduced the known DoS against EIGRP discovered by FX and described at http://www.securityfocus.com/bid/6443. This attack is canned in the generator using the --hellodos flag. The testing network was completely brought down due to the ARP storm.
Moving further, we have discovered a novel selective single peer - directed DoS attack employing the EIGRP "Goodbye Message". A goodbye message is sent when an EIGRP routing process is shutting down to tell the neighbors about the impending topology change to speed up the convergence. This feature is supported in Cisco IOS Releases later than 12.3(2), 12.3(3)B, and 12.3(2)T. A spoofed "goodbye message" can be sent to a peer claiming that it's neighbor is down, thus breaking the neighborhood:
arhontus #/eigrp.pl --ipgoodbye 192.168.66.202 --as 65534 --source
192.168.66.191
469573: Aug 16 2005 03:08:11.773 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0)
65534: Neighbor 192.168.66.111 (Ethernet0/0) is up: new adjacency
c2611#sh ip eigrp neigh
IP-EIGRP neighbors for process 65534
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec)
(ms) Cnt Num
2 192.168.66.111 Et0/0 13 00:01:08 1 5000
1 0
0 192.168.30.191 Se0/0 12 00:05:06 1 4500
0 198
1 192.168.66.191 Et0/0 13 00:05:14 201 1206
0 199
469574: Aug 16 2005 03:09:31.299 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 65534: Neighbor 192.168.66.111 (Ethernet0/0) is down: retry limit exceeded c2611# 469575: Aug 16 2005 03:09:32.818 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 65534: Neighbor 192.168.66.111 (Ethernet0/0) is up: new adjacency c2611# 469576: Aug 16 2005 03:09:56.277 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 65534: Neighbor 192.168.66.191 (Ethernet0/0) is down: Peer goodbye received c2611# 469577: Aug 16 2005 03:09:59.283 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 65534: Neighbor 192.168.66.191 (Ethernet0/0) is down: Peer goodbye received 469578: Aug 16 2005 03:09:59.868 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 65534: Neighbor 192.168.66.191 (Ethernet0/0) is up: new adjacency c2611# 469579: Aug 16 2005 03:10:02.288 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 65534: Neighbor 192.168.66.191 (Ethernet0/0) is down: Peer goodbye received c2611# 469580: Aug 16 2005 03:10:04.676 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 65534: Neighbor 192.168.66.191 (Ethernet0/0) is up: new adjacency 469581: Aug 16 2005 03:10:05.289 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 65534: Neighbor 192.168.66.191 (Ethernet0/0) is down: Peer goodbye received c2611# 469582: Aug 16 2005 03:10:08.290 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 65534: Neighbor 192.168.66.191 (Ethernet0/0) is down: Peer goodbye received
c2611#sh ip eigrp neigh IP-EIGRP neighbors for process 65534 H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.30.191 Se0/0 14 00:09:50 1 4500
0 286
This selective nighborhood breaking can be used for other purposes, than DoS. Re-initiating the EIGRP handshake helps a sniffing attacker to find information about the EIGRP routing domain topology. Possessing such information, a skilled attacker can selectively break the neighborhood to redirect traffic the way he wants.
Of course, on an unportected EIGRP domain there is a much simpler way of traffic redirection, which is either directly injecting the routes using our packet generator or establishing a fake neighbourhood and supplying metric parameters to the legitimate peers, which would lead DUAL to favor the fake neighbor.
Risk Factor: Medium
Workarounds: Always use EIGRP MD5-based authentication.
Communication History: sent to PSIRT on 10/10/05
*According to the Arhont Ltd. policy, all of the found vulnerabilities and security issues will be reported to the manufacturer at least 7 days before releasing them to the public domains (such as CERT and BUGTRAQ).
If you would like to get more information about this issue, please do not hesitate to contact Arhont team.*
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0835",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "11.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "extended interior gateway routing protocol",
"scope": "eq",
"trust": 1.0,
"vendor": "extended interior gateway routing protocol",
"version": "1.2"
}
],
"sources": [
{
"db": "BID",
"id": "6443"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-280"
},
{
"db": "NVD",
"id": "CVE-2002-2208"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FX fx@phenoelit.de\u203bPaul Oxman\u203b poxman@cisco.com\u203bAndrew A. Vladimirov\u203b mlists@arhont.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-280"
}
],
"trust": 0.6
},
"cve": "CVE-2002-2208",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2002-2208",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-6591",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-2208",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-280",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-6591",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6591"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-280"
},
{
"db": "NVD",
"id": "CVE-2002-2208"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network. Internet Operating System (IOS) is the firmware developed and maintained by Cisco for Cisco Routers. \nA system sending spoofed EIGRP announcements may cause a denial of service to all routers and systems on a given network segment. Due to improper limits in the attempt to discover routers, a neighbor announcement received by routers on a given network segment will result in an address resolution protocol (ARP) storm, filling network capacity while routers attempt to contact the announcing neighbor. Additionally, resources on the router such as CPU will also become bound while the router attempts to reach the announcing neighbor. It should be noted that it is also possible to exploit this vulnerability on systems that accept EIGRP announcements via unicast. Remote attackers can use this vulnerability to carry out denial of service attacks on routers and consume all bandwidth. EIGRP uses automatic discovery of neighbor routers for route discovery. An EIGRP router announces its existence by multicasting on enabled interfaces. If two routers discover each other, they will exchange current topology information, and both sides also need to obtain the MAC address of the other router. When using a random source IP address to generate an EIGRP neighbor advertisement, and perform a \\\u0027\\\u0027flood\\\u0027\\\u0027 attack on the router or the entire network, all receiving CISCO routers will try to contact the sender, and the sender\u0027s IP address must be in the current router configuration in the subnet. There is a loophole in CISCO IOS. When contacting the sender, it will continue to request to send the MAC address. There is no timeout operation in this process, unless the EIGRP neighbor keeping time expires. This value is provided by the sender and can exceed 18 hours at most. Multiple neighbor advertisements using non-existent source IP addresses can cause the router to consume a large amount of CPU utilization and consume a large amount of bandwidth, resulting in a denial of service attack. Using IP multicast and EIGRP announcements will have a better attack effect. CISCO IOS versions lower than 12.0 can receive EIGRP Neighbor Advertisement in unicast mode, resulting in the possibility of attacks through the Internet. Arhont Ltd.- Information Security\n\nArhont Advisory by: Arhont Ltd\nAdvisory: Unauthenticated EIGRP DoS\nClass: design bug\nVersion: EIGRP version 1.2\nModel Specific: Other versions might have the same bug\n\nDETAILS:\n\nWe have used our custom EIGRP packet generator written on Perl to \nevaluate the security of the EIGRP routing protocol. \n\nIn the initial generator testing stage we have successfully reproduced \nthe known DoS against EIGRP discovered by FX and described\nat http://www.securityfocus.com/bid/6443. This attack is canned in the \ngenerator using the --hellodos flag. The testing network was\ncompletely brought down due to the ARP storm. \n\nMoving further, we have discovered a novel selective single peer - \ndirected DoS attack employing the EIGRP \"Goodbye Message\". A goodbye\nmessage is sent when an EIGRP routing process is shutting down to tell \nthe neighbors about the impending topology change to speed up the\nconvergence. This feature is supported in Cisco IOS Releases later than \n12.3(2), 12.3(3)B, and 12.3(2)T. A spoofed \"goodbye message\" can\nbe sent to a peer claiming that it\u0027s neighbor is down, thus breaking the \nneighborhood:\n\narhontus #/eigrp.pl --ipgoodbye 192.168.66.202 --as 65534 --source \n192.168.66.191\n469573: Aug 16 2005 03:08:11.773 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) \n65534: Neighbor 192.168.66.111 (Ethernet0/0) is up: new adjacency\nc2611#sh ip eigrp neigh\nIP-EIGRP neighbors for process 65534\nH Address Interface Hold Uptime SRTT RTO Q Seq\n (sec) \n(ms) Cnt Num\n2 192.168.66.111 Et0/0 13 00:01:08 1 5000 \n1 0\n0 192.168.30.191 Se0/0 12 00:05:06 1 4500 \n0 198\n1 192.168.66.191 Et0/0 13 00:05:14 201 1206 \n0 199\n\n469574: Aug 16 2005 03:09:31.299 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) \n65534: Neighbor 192.168.66.111 (Ethernet0/0) is down: retry limit exceeded\nc2611#\n469575: Aug 16 2005 03:09:32.818 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) \n65534: Neighbor 192.168.66.111 (Ethernet0/0) is up: new adjacency\nc2611#\n469576: Aug 16 2005 03:09:56.277 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) \n65534: Neighbor 192.168.66.191 (Ethernet0/0) is down: Peer goodbye received\nc2611#\n469577: Aug 16 2005 03:09:59.283 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) \n65534: Neighbor 192.168.66.191 (Ethernet0/0) is down: Peer goodbye received\n469578: Aug 16 2005 03:09:59.868 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) \n65534: Neighbor 192.168.66.191 (Ethernet0/0) is up: new adjacency\nc2611#\n469579: Aug 16 2005 03:10:02.288 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) \n65534: Neighbor 192.168.66.191 (Ethernet0/0) is down: Peer goodbye received\nc2611#\n469580: Aug 16 2005 03:10:04.676 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) \n65534: Neighbor 192.168.66.191 (Ethernet0/0) is up: new adjacency\n469581: Aug 16 2005 03:10:05.289 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) \n65534: Neighbor 192.168.66.191 (Ethernet0/0) is down: Peer goodbye received\nc2611#\n469582: Aug 16 2005 03:10:08.290 GMT: %DUAL-5-NBRCHANGE: IP-EIGRP(0) \n65534: Neighbor 192.168.66.191 (Ethernet0/0) is down: Peer goodbye received\n\nc2611#sh ip eigrp neigh\nIP-EIGRP neighbors for process 65534\nH Address Interface Hold Uptime SRTT RTO Q Seq\n \n(sec) (ms) Cnt Num\n0 192.168.30.191 Se0/0 14 00:09:50 1 4500 \n0 286\n\nThis selective nighborhood breaking can be used for other purposes, than \nDoS. Re-initiating the EIGRP handshake helps a sniffing attacker to find\ninformation about the EIGRP routing domain topology. Possessing such \ninformation, a skilled attacker can selectively break the neighborhood \nto redirect\ntraffic the way he wants. \n\nOf course, on an unportected EIGRP domain there is a much simpler way of \ntraffic redirection, which is either directly injecting the routes using \nour\npacket generator or establishing a fake neighbourhood and supplying \nmetric parameters to the legitimate peers, which would lead DUAL to \nfavor the fake\nneighbor. \n\nRisk Factor: Medium\n\nWorkarounds: Always use EIGRP MD5-based authentication. \n\nCommunication History: sent to PSIRT on 10/10/05\n\n*According to the Arhont Ltd. policy, all of the found vulnerabilities \nand security issues will be reported to the manufacturer at least 7 days \nbefore\nreleasing them to the public domains (such as CERT and BUGTRAQ). \n\nIf you would like to get more information about this issue, please do \nnot hesitate to contact Arhont team.*\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2208"
},
{
"db": "BID",
"id": "6443"
},
{
"db": "VULHUB",
"id": "VHN-6591"
},
{
"db": "PACKETSTORM",
"id": "42576"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "6443",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "7766",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "18055",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1005840",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2002-2208",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200212-280",
"trust": 0.7
},
{
"db": "FULLDISC",
"id": "20051220 RE: AUTHENTICATED EIGRP DOS / INFORMATION LEAK",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20051219 UNAUTHENTICATED EIGRP DOS",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "4066",
"trust": 0.6
},
{
"db": "XF",
"id": "10903",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20021220 CISCO\u0027S RESPONSE TO THE EIGRP ISSUE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20021219 RE: CISCO IOS EIGRP NETWORK DOS",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20051220 RE: UNAUTHENTICATED EIGRP DOS",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20021219 CISCO IOS EIGRP NETWORK DOS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6591",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "42576",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6591"
},
{
"db": "BID",
"id": "6443"
},
{
"db": "PACKETSTORM",
"id": "42576"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-280"
},
{
"db": "NVD",
"id": "CVE-2002-2208"
}
]
},
"id": "VAR-200212-0835",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6591"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:11:19.365000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2208"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/6443"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/304034"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/304044"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/en/us/tech/tk365/technologies_security_notice09186a008011c5e1.html"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/warp/public/707/eigrp_issue.pdf"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-december/040330.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/18055"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1005840"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/7766"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/419898/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10903"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=full-disclosure\u0026m=113504451523186\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/10903"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/419898/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=full-disclosure\u0026m=113504451523186\u0026w=2"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/4066"
},
{
"trust": 0.3,
"url": "/archive/1/419830"
},
{
"trust": 0.3,
"url": "/archive/1/304034"
},
{
"trust": 0.3,
"url": "/archive/1/304044"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=full-disclosure\u0026amp;m=113504451523186\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/bid/6443."
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6591"
},
{
"db": "BID",
"id": "6443"
},
{
"db": "PACKETSTORM",
"id": "42576"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-280"
},
{
"db": "NVD",
"id": "CVE-2002-2208"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-6591"
},
{
"db": "BID",
"id": "6443"
},
{
"db": "PACKETSTORM",
"id": "42576"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-280"
},
{
"db": "NVD",
"id": "CVE-2002-2208"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6591"
},
{
"date": "2002-12-19T00:00:00",
"db": "BID",
"id": "6443"
},
{
"date": "2005-12-28T04:59:14",
"db": "PACKETSTORM",
"id": "42576"
},
{
"date": "2002-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-280"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-2208"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-6591"
},
{
"date": "2002-12-19T00:00:00",
"db": "BID",
"id": "6443"
},
{
"date": "2006-05-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-280"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-2208"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-280"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS EIGRP notice ARP Denial of service attack vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-280"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "6443"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-280"
}
],
"trust": 0.9
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.