Vulnerability Details : CVE-2006-2223
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.
Vulnerability category: Input validation
Products affected by CVE-2006-2223
- cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*
Threat overview for CVE-2006-2223
Top countries where our scanners detected CVE-2006-2223
Top open port discovered on systems with this issue
2601
IPs affected by CVE-2006-2223 20
Find out if you* are
affected by CVE-2006-2223!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2006-2223
1.67%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-2223
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2006-2223
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-2223
-
http://securitytracker.com/id?1016204
Access Denied
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985
404 Not Found
-
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/26243
Quagga RIPv1 SEND UPDATE information disclosure CVE-2006-2223 Vulnerability Report
-
http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml
Quagga Routing Suite: Multiple vulnerabilities (GLSA 200605-15) — Gentoo security
-
http://www.securityfocus.com/archive/1/432823/100/0/threaded
-
http://www.redhat.com/support/errata/RHSA-2006-0525.html
Support
-
http://www.securityfocus.com/bid/17808
Exploit;Patch
-
http://www.securityfocus.com/archive/1/432822/100/0/threaded
-
http://www.redhat.com/support/errata/RHSA-2006-0533.html
Support
-
http://www.novell.com/linux/security/advisories/2006_17_sr.html
404 Page Not Found | SUSE
-
http://www.debian.org/security/2006/dsa-1059
[SECURITY] [DSA 1059-1] New quagga packages fix several vulnerabilities
-
https://usn.ubuntu.com/284-1/
404: Page not found | Ubuntu
-
http://bugzilla.quagga.net/show_bug.cgi?id=261
Jump to