VAR-200512-0079
Vulnerability from variot - Updated: 2025-04-03 22:11

MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.

This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that it includes vulnerability information beyond what the title covers.

Cisco IOS implements EIGRP (Enhanced Interior Gateway Routing Protocol), a Cisco-proprietary extended distance vector routing protocol. The EIGRP implementation in Cisco IOS has several problems:

1) The Goodbye Message, which notifies adjacent devices when the routing process ends, is handled improperly. If a remote attacker sends a crafted Goodbye Message, adjacency with the device may be lost.

2) The verification method for authenticated EIGRP packets is flawed: EIGRP packets containing an MD5 hash value can be eavesdropped on and their hash values reused. If a remote attacker sends an EIGRP HELLO packet to the target device, the response from the target device may disclose information about the EIGRP domain. Also, as with the issue in BID 6443, network bandwidth can be exhausted with ARP requests, eventually leaving the network unusable.

Please refer to the "Overview" for the impact of this vulnerability.

This issue allows attackers to gain access to potentially sensitive network information in EIGRP UPDATE reply packets, or to cause a denial of service condition by flooding routers with HELLO packets. By utilizing replayed HELLO packets with MD5 enabled, attackers may cause a more severe denial of service condition.

The Cisco EIGRP protocol is susceptible to a remote denial of service vulnerability. This issue is possible when MD5 neighbor authentication is not in use. This issue allows attackers to cause routing relationships to be torn down, forcing them to be reestablished. The routing link will be unavailable from the time it is torn down until it is reestablished. By repeating the attack, a sustained denial of network service is possible.

This issue is being tracked by Cisco Bug ID CSCsc13698.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "extended interior gateway routing protocol",
"scope": "eq",
"trust": 1.6,
"vendor": "extended interior gateway routing protocol",
"version": "1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.4"
},
{
"model": "eigrp",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.2"
}
],
"sources": [
{
"db": "BID",
"id": "15970"
},
{
"db": "BID",
"id": "15978"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000747"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-469"
},
{
"db": "NVD",
"id": "CVE-2005-4437"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ios",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000747"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrew A. Vladimirov\" \u003cmlists@arhont.com\u003e, Arhont Ltd disclosed this weakness.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-469"
}
],
"trust": 0.6
},
"cve": "CVE-2005-4437",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2005-4437",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-15645",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-4437",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2005-4437",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-469",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-15645",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15645"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000747"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-469"
},
{
"db": "NVD",
"id": "CVE-2005-4437"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Cisco IOS As a routing protocol Cisco Proprietary extended distance vector protocol EIGRP (Enhanced Interior Gateway Routing Protocol) Has been implemented. Cisco IOS Implemented in EIGRP There are several problems: 1) EIGRP Adjacent devices are notified when the routing process ends Goodbye Message There is a problem with improper handling. Intentionally created by a remote attacker Goodbye Message If is sent, adjacency with the device may be lost. 2) Authenticated EIGRP There is a flaw in the packet verification method, MD5 Contains a hash value EIGRP There is a problem that allows eavesdropping on packets and reusing their hash values. A remote attacker EIGRP HELLO If a packet is sent to the target device, the response from the target device EIGRP You may get information about your domain. Also, BID 6443 Like the problem of network bandwidth ARP It can be exhausted with requests and eventually result in an unusable network.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. \nThis issue allows attackers to gain access to potentially sensitive network information in EIGRP UPDATE reply packets, or to cause a denial of service condition by flooding routers with HELLO packets. 
By utilizing replayed HELLO packets with MD5 enabled, attackers may cause a more severe denial of service condition. The Cisco EIGRP protocol is susceptible to a remote denial of service vulnerability. This issue is possible when MD5 neighbor authentication is not in use. \nThis issue allows attackers to cause routing relationships to be torn down, forcing them to be reestablished. The routing link will be unavailable during the time that the link is torn down, until it is reestablished. By repeating the attack, a sustained denial of network service is possible. \nThis issue is being tracked by Cisco Bug ID CSCsc13698",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4437"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000747"
},
{
"db": "BID",
"id": "15970"
},
{
"db": "BID",
"id": "15978"
},
{
"db": "VULHUB",
"id": "VHN-15645"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "15970",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2005-4437",
"trust": 2.5
},
{
"db": "SREASON",
"id": "274",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015382",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2005-3008",
"trust": 1.7
},
{
"db": "BID",
"id": "15978",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000747",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200512-469",
"trust": 0.7
},
{
"db": "FULLDISC",
"id": "20051220 RE: AUTHENTICATED EIGRP DOS / INFORMATION LEAK",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20051219 AUTHENTICATED EIGRP DOS / INFORMATION LEAK",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:5741",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20051219 AUTHENTICATED EIGRP DOS / INFORMATION LEAK",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20051220 RE: UNAUTHENTICATED EIGRP DOS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-15645",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15645"
},
{
"db": "BID",
"id": "15970"
},
{
"db": "BID",
"id": "15978"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000747"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-469"
},
{
"db": "NVD",
"id": "CVE-2005-4437"
}
]
},
"id": "VAR-200512-0079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-15645"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:11:19.295000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-response-20051220-eigrp",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-response-20051220-eigrp.shtml"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000747"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4437"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/15970"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-december/040332.html"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015382"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/274"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2005/3008"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/419830/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/419898/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5741"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2005/3008"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=full-disclosure\u0026m=113504451523186\u0026w=2"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4437"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-4437"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/15978"
},
{
"trust": 0.6,
"url": "http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html"
},
{
"trust": 0.6,
"url": "http://www.cisco.com/public/sw-center/sw-ios.shtml"
},
{
"trust": 0.6,
"url": "/archive/1/419898"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/419898/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/419830/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5741"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=full-disclosure\u0026m=113504451523186\u0026w=2"
},
{
"trust": 0.3,
"url": "/archive/1/419830"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=full-disclosure\u0026amp;m=113504451523186\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15645"
},
{
"db": "BID",
"id": "15970"
},
{
"db": "BID",
"id": "15978"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000747"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-469"
},
{
"db": "NVD",
"id": "CVE-2005-4437"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-15645"
},
{
"db": "BID",
"id": "15970"
},
{
"db": "BID",
"id": "15978"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000747"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-469"
},
{
"db": "NVD",
"id": "CVE-2005-4437"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-12-21T00:00:00",
"db": "VULHUB",
"id": "VHN-15645"
},
{
"date": "2005-12-19T00:00:00",
"db": "BID",
"id": "15970"
},
{
"date": "2005-12-19T00:00:00",
"db": "BID",
"id": "15978"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000747"
},
{
"date": "2005-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-469"
},
{
"date": "2005-12-21T01:03:00",
"db": "NVD",
"id": "CVE-2005-4437"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-15645"
},
{
"date": "2005-12-19T00:00:00",
"db": "BID",
"id": "15970"
},
{
"date": "2005-12-19T00:00:00",
"db": "BID",
"id": "15978"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000747"
},
{
"date": "2009-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-469"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2005-4437"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "15970"
},
{
"db": "BID",
"id": "15978"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco EIGRP Protocol HELLO Packet Replay Vulnerability",
"sources": [
{
"db": "BID",
"id": "15970"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-469"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "15970"
},
{
"db": "BID",
"id": "15978"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-469"
}
],
"trust": 1.2
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.