CVE-2010-4670
First published: Fri Jan 07 2011(Updated: )
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Adaptive Security Appliance Software | <=8.2\(3\) | |
| Cisco Adaptive Security Appliance Software | =7.0 | |
| Cisco Adaptive Security Appliance Software | =7.0\(0\) | |
| Cisco Adaptive Security Appliance Software | =7.0\(2\) | |
| Cisco Adaptive Security Appliance Software | =7.0\(4\) | |
| Cisco Adaptive Security Appliance Software | =7.0\(5\) | |
| Cisco Adaptive Security Appliance Software | =7.0\(5.2\) | |
| Cisco Adaptive Security Appliance Software | =7.0\(6.7\) | |
| Cisco Adaptive Security Appliance Software | =7.0.1 | |
| Cisco Adaptive Security Appliance Software | =7.0.1.4 | |
| Cisco Adaptive Security Appliance Software | =7.0.2 | |
| Cisco Adaptive Security Appliance Software | =7.0.4 | |
| Cisco Adaptive Security Appliance Software | =7.0.4.3 | |
| Cisco Adaptive Security Appliance Software | =7.0.5 | |
| Cisco Adaptive Security Appliance Software | =7.0.6 | |
| Cisco Adaptive Security Appliance Software | =7.0.7 | |
| Cisco Adaptive Security Appliance Software | =7.0.8 | |
| Cisco Adaptive Security Appliance Software | =7.0.8-interim | |
| Cisco Adaptive Security Appliance Software | =7.1 | |
| Cisco Adaptive Security Appliance Software | =7.1\(2\) | |
| Cisco Adaptive Security Appliance Software | =7.1\(2.5\) | |
| Cisco Adaptive Security Appliance Software | =7.1\(2.27\) | |
| Cisco Adaptive Security Appliance Software | =7.1\(2.48\) | |
| Cisco Adaptive Security Appliance Software | =7.1\(2.49\) | |
| Cisco Adaptive Security Appliance Software | =7.1\(5\) | |
| Cisco Adaptive Security Appliance Software | =7.1.1 | |
| Cisco Adaptive Security Appliance Software | =7.1.2 | |
| Cisco Adaptive Security Appliance Software | =7.2 | |
| Cisco Adaptive Security Appliance Software | =7.2\(1\) | |
| Cisco Adaptive Security Appliance Software | =7.2\(1.22\) | |
| Cisco Adaptive Security Appliance Software | =7.2\(2\) | |
| Cisco Adaptive Security Appliance Software | =7.2\(2.5\) | |
| Cisco Adaptive Security Appliance Software | =7.2\(2.7\) | |
| Cisco Adaptive Security Appliance Software | =7.2\(2.8\) | |
| Cisco Adaptive Security Appliance Software | =7.2\(2.10\) | |
| Cisco Adaptive Security Appliance Software | =7.2\(2.14\) | |
| Cisco Adaptive Security Appliance Software | =7.2\(2.15\) | |
| Cisco Adaptive Security Appliance Software | =7.2\(2.16\) | |
| Cisco Adaptive Security Appliance Software | =7.2\(2.17\) | |
| Cisco Adaptive Security Appliance Software | =7.2\(2.18\) | |
| Cisco Adaptive Security Appliance Software | =7.2\(2.19\) | |
| Cisco Adaptive Security Appliance Software | =7.2\(2.48\) | |
| Cisco Adaptive Security Appliance Software | =7.2.1 | |
| Cisco Adaptive Security Appliance Software | =7.2.2 | |
| Cisco Adaptive Security Appliance Software | =7.2.3 | |
| Cisco Adaptive Security Appliance Software | =7.2.4 | |
| Cisco Adaptive Security Appliance Software | =7.2.5 | |
| Cisco Adaptive Security Appliance Software | =8.0 | |
| Cisco Adaptive Security Appliance Software | =8.0.2 | |
| Cisco Adaptive Security Appliance Software | =8.0.3 | |
| Cisco Adaptive Security Appliance Software | =8.0.4 | |
| Cisco Adaptive Security Appliance Software | =8.0.5 | |
| Cisco Adaptive Security Appliance Software | =8.2\(1\) | |
| Cisco Adaptive Security Appliance Software | =8.2\(2\) | |
| Cisco Adaptive Security Appliance Software | =8.2.1 | |
| Cisco Adaptive Security Appliance Software | =8.2.2 | |
| Cisco Adaptive Security Appliance Software | =8.2.2-interim | |
| Cisco Adaptive Security Appliance 5500 | ||
| Cisco ASA 5500 CSC-SSM | ||
| Cisco PIX 506E |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4
- http://www.youtube.com/watch?v=00yjWB6gGy8
- http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf
- http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html
- http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3
- http://www.securityfocus.com/bid/45760
- http://www.securitytracker.com/id?1024963
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64598
Frequently Asked Questions
What is the severity of CVE-2010-4670?
CVE-2010-4670 has a CVSS score indicating high severity due to the potential for denial of service.
How do I fix CVE-2010-4670?
To fix CVE-2010-4670, upgrade your Cisco Adaptive Security Appliance software to version 8.3 or later.
What devices are affected by CVE-2010-4670?
CVE-2010-4670 affects Cisco Adaptive Security Appliances (ASA 5500) and Cisco PIX Security Appliances running vulnerable versions of the software.
What type of attack does CVE-2010-4670 allow?
CVE-2010-4670 allows remote attackers to perform a denial of service attack, causing CPU consumption and device hang.
Is there a workaround for CVE-2010-4670?
There are no known workarounds for CVE-2010-4670, so applying the patch is the recommended mitigation.
- collector/nvd-historical
- agent/references
- agent/author
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/event
- agent/severity
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco adaptive security appliance software
- version/cisco adaptive security appliance software/8.2\(3\)
- version/cisco adaptive security appliance software/7.0
- version/cisco adaptive security appliance software/7.0\(0\)
- version/cisco adaptive security appliance software/7.0\(2\)
- version/cisco adaptive security appliance software/7.0\(4\)
- version/cisco adaptive security appliance software/7.0\(5\)
- version/cisco adaptive security appliance software/7.0\(5.2\)
- version/cisco adaptive security appliance software/7.0\(6.7\)
- version/cisco adaptive security appliance software/7.0.1
- version/cisco adaptive security appliance software/7.0.1.4
- version/cisco adaptive security appliance software/7.0.2
- version/cisco adaptive security appliance software/7.0.4
- version/cisco adaptive security appliance software/7.0.4.3
- version/cisco adaptive security appliance software/7.0.5
- version/cisco adaptive security appliance software/7.0.6
- version/cisco adaptive security appliance software/7.0.7
- version/cisco adaptive security appliance software/7.0.8
- version/cisco adaptive security appliance software/7.0.8-interim
- version/cisco adaptive security appliance software/7.1
- version/cisco adaptive security appliance software/7.1\(2\)
- version/cisco adaptive security appliance software/7.1\(2.5\)
- version/cisco adaptive security appliance software/7.1\(2.27\)
- version/cisco adaptive security appliance software/7.1\(2.48\)
- version/cisco adaptive security appliance software/7.1\(2.49\)
- version/cisco adaptive security appliance software/7.1\(5\)
- version/cisco adaptive security appliance software/7.1.1
- version/cisco adaptive security appliance software/7.1.2
- version/cisco adaptive security appliance software/7.2
- version/cisco adaptive security appliance software/7.2\(1\)
- version/cisco adaptive security appliance software/7.2\(1.22\)
- version/cisco adaptive security appliance software/7.2\(2\)
- version/cisco adaptive security appliance software/7.2\(2.5\)
- version/cisco adaptive security appliance software/7.2\(2.7\)
- version/cisco adaptive security appliance software/7.2\(2.8\)
- version/cisco adaptive security appliance software/7.2\(2.10\)
- version/cisco adaptive security appliance software/7.2\(2.14\)
- version/cisco adaptive security appliance software/7.2\(2.15\)
- version/cisco adaptive security appliance software/7.2\(2.16\)
- version/cisco adaptive security appliance software/7.2\(2.17\)
- version/cisco adaptive security appliance software/7.2\(2.18\)
- version/cisco adaptive security appliance software/7.2\(2.19\)
- version/cisco adaptive security appliance software/7.2\(2.48\)
- version/cisco adaptive security appliance software/7.2.1
- version/cisco adaptive security appliance software/7.2.2
- version/cisco adaptive security appliance software/7.2.3
- version/cisco adaptive security appliance software/7.2.4
- version/cisco adaptive security appliance software/7.2.5
- version/cisco adaptive security appliance software/8.0
- version/cisco adaptive security appliance software/8.0.2
- version/cisco adaptive security appliance software/8.0.3
- version/cisco adaptive security appliance software/8.0.4
- version/cisco adaptive security appliance software/8.0.5
- version/cisco adaptive security appliance software/8.2\(1\)
- version/cisco adaptive security appliance software/8.2\(2\)
- version/cisco adaptive security appliance software/8.2.1
- version/cisco adaptive security appliance software/8.2.2
- version/cisco adaptive security appliance software/8.2.2-interim
- canonical/cisco adaptive security appliance 5500
- canonical/cisco asa 5500 csc-ssm
- canonical/cisco pix 506e