CVE-2007-0918
First published: Wed Feb 14 2007(Updated: )
The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | =12.3ym | |
| Cisco IOS | =12.3yq | |
| Cisco IOS | =12.3xr | |
| Cisco IOS | =12.4t | |
| Cisco IOS | =12.3ya | |
| Cisco IOS | =12.3xs | |
| Cisco IOS | =12.3xw | |
| Cisco IOS | =12.4mr | |
| Cisco IOS | =12.3yj | |
| Cisco IOS | =12.3t | |
| Cisco IOS | =12.3yd | |
| Cisco IOS | =12.3yk | |
| Cisco IOS | =12.3yt | |
| Cisco IOS | =12.3yz | |
| Cisco IOS | =12.3yg | |
| Cisco IOS | =12.3xy | |
| Cisco IOS | =12.4 | |
| Cisco IOS | =12.4xa | |
| Cisco IOS | =12.3yx | |
| Cisco IOS | =12.3xq | |
| Cisco IOS | =12.3ys | |
| Cisco IOS | =12.3yh | |
| Cisco IOS | =12.4xb | |
| Cisco IOS | =12.3xx | |
| Cisco IOS | =12.3yi |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/en/US/products/products_security_advisory09186a00807e0a5b.shtml
- http://www.securitytracker.com/id?1017631
- http://www.cisco.com/en/US/products/products_security_response09186a00807e0a5e.html
- http://www.securityfocus.com/bid/22549
- http://secunia.com/advisories/24142
- http://osvdb.org/33053
- http://www.vupen.com/english/advisories/2007/0597
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32474
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5832
Frequently Asked Questions
What is the severity of CVE-2007-0918?
CVE-2007-0918 has a high severity level as it can lead to a denial of service, potentially causing traffic loss and system crashes.
What versions of Cisco IOS are affected by CVE-2007-0918?
CVE-2007-0918 affects multiple versions of Cisco IOS including 12.4XA, 12.3YA, 12.3T, and others.
How do I fix CVE-2007-0918?
To resolve CVE-2007-0918, it is recommended to upgrade to a patched version of Cisco IOS as specified in Cisco's security advisories.
What potential impact does CVE-2007-0918 have?
CVE-2007-0918 can cause a denial of service, which results in the Intrusion Prevention System crashing and loss of traffic.
Is there a workaround for CVE-2007-0918?
Currently, there are no known effective workarounds for CVE-2007-0918; updating the software to a secure version is the best approach.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/12.3ym
- version/cisco ios/12.3yq
- version/cisco ios/12.3xr
- version/cisco ios/12.4t
- version/cisco ios/12.3ya
- version/cisco ios/12.3xs
- version/cisco ios/12.3xw
- version/cisco ios/12.4mr
- version/cisco ios/12.3yj
- version/cisco ios/12.3t
- version/cisco ios/12.3yd
- version/cisco ios/12.3yk
- version/cisco ios/12.3yt
- version/cisco ios/12.3yz
- version/cisco ios/12.3yg
- version/cisco ios/12.3xy
- version/cisco ios/12.4
- version/cisco ios/12.4xa
- version/cisco ios/12.3yx
- version/cisco ios/12.3xq
- version/cisco ios/12.3ys
- version/cisco ios/12.3yh
- version/cisco ios/12.4xb
- version/cisco ios/12.3xx
- version/cisco ios/12.3yi