CVE-2008-1156

Cisco IOS 12.0-12.4 - Unauthenticated Multicast State Manipulation via MDT Data Join Message

Title source: llm
STIX 2.1

Description

Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message.

References (8)

Core 8
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1006/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41468
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-087B.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28464
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29507
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019715
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5648

Scores

EPSS 0.0271
EPSS Percentile 84.2%

Details

CWE
CWE-16 CWE-200
Status published
Products (4)
cisco/cisco_ios 12.3
cisco/cisco_ios 12.4
cisco/ios 12.0
cisco/ios 12.2
Published Mar 27, 2008
Tracked Since Feb 18, 2026