CVE-2006-6489

Current Description

The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of service (application termination and restart) via malformed packets.

Basic Data

PublishedJanuary 18, 2007
Last ModifiedMarch 08, 2011
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationSiscoAx-s4 Iccp3.0103*******
    2.3ApplicationSiscoAx-s4 Iccp3.0155*******
    2.3ApplicationSiscoAx-s4 Mms5.01*******
    2.3ApplicationSiscoAx-s4 Mms5.02*******
    2.3ApplicationSiscoIccp Toolkit4.10_for_mms-ease*******
    2.3ApplicationSiscoIccp Toolkit5.03_for_mms-ease*******
    2.3ApplicationSiscoIso Stack3*******
    2.3ApplicationSiscoMms-ease7.10*******
    2.3ApplicationSiscoMms-ease8.03*******

Vulnerable Software List

VendorProductVersions
Sisco Iccp Toolkit 4.10_for_mms-ease, 5.03_for_mms-ease
Sisco Ax-s4 Iccp 3.0103, 3.0155
Sisco Iso Stack 3
Sisco Ax-s4 Mms 5.01, 5.02
Sisco Mms-ease 7.10, 8.03

References

NameSourceURLTags
32924http://osvdb.org/32924OSVDB
23819http://secunia.com/advisories/23819SECUNIA
VU#145825http://www.kb.cert.org/vuls/id/145825CERT-VNUS Government Resource
http://www.kb.cert.org/vuls/id/MIMG-6TUHTThttp://www.kb.cert.org/vuls/id/MIMG-6TUHTTMISC
22095http://www.securityfocus.com/bid/22095BID
ADV-2007-0237http://www.vupen.com/english/advisories/2007/0237VUPEN