VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-2363

seil/x1_firmware, seil/x2_firmware, seil/b1_firmware: The IPv6 Unicast Reverse Path Forwarding (RPF) impl...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2363

Original

The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the SEIL/X1, SEIL/X2, and SEIL/B1 routers with firmware 1.00 through 2.73, when strict mode is used, does not properly drop packets, which might allow remote attackers to bypass intended access restrictions via a spoofed IP address.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-08-30

Source Information Category:

Advisory, Alert

Last Updated:

2010-08-31

Affected Product Tags

cpe:/a:iij:seil%2Fb1_firmware:1.00

cpe:/a:iij:seil%2Fb1_firmware:2.01

cpe:/a:iij:seil%2Fb1_firmware:2.10

cpe:/a:iij:seil%2Fb1_firmware:2.20

cpe:/a:iij:seil%2Fb1_firmware:2.30

cpe:/a:iij:seil%2Fb1_firmware:2.40

cpe:/a:iij:seil%2Fb1_firmware:2.41

cpe:/a:iij:seil%2Fb1_firmware:2.42

cpe:/a:iij:seil%2Fb1_firmware:2.50

cpe:/a:iij:seil%2Fb1_firmware:2.51

cpe:/a:iij:seil%2Fb1_firmware:2.52

cpe:/a:iij:seil%2Fb1_firmware:2.60

cpe:/a:iij:seil%2Fb1_firmware:2.61

cpe:/a:iij:seil%2Fb1_firmware:2.62

cpe:/a:iij:seil%2Fb1_firmware:2.63

cpe:/a:iij:seil%2Fb1_firmware:2.70

cpe:/a:iij:seil%2Fb1_firmware:2.72

cpe:/a:iij:seil%2Fx1_firmware:1.10

cpe:/a:iij:seil%2Fx1_firmware:1.11

cpe:/a:iij:seil%2Fx1_firmware:1.20

cpe:/a:iij:seil%2Fx1_firmware:1.21

cpe:/a:iij:seil%2Fx1_firmware:1.22

cpe:/a:iij:seil%2Fx1_firmware:1.30

cpe:/a:iij:seil%2Fx1_firmware:1.31

cpe:/a:iij:seil%2Fx1_firmware:1.32

cpe:/a:iij:seil%2Fx1_firmware:1.40

cpe:/a:iij:seil%2Fx1_firmware:1.41

cpe:/a:iij:seil%2Fx1_firmware:1.43

cpe:/a:iij:seil%2Fx1_firmware:1.44

cpe:/a:iij:seil%2Fx1_firmware:2.10

cpe:/a:iij:seil%2Fx1_firmware:2.20

cpe:/a:iij:seil%2Fx1_firmware:2.30

cpe:/a:iij:seil%2Fx1_firmware:2.40

cpe:/a:iij:seil%2Fx1_firmware:2.41

cpe:/a:iij:seil%2Fx1_firmware:2.42

cpe:/a:iij:seil%2Fx1_firmware:2.50

cpe:/a:iij:seil%2Fx1_firmware:2.51

cpe:/a:iij:seil%2Fx1_firmware:2.52

cpe:/a:iij:seil%2Fx1_firmware:2.60

cpe:/a:iij:seil%2Fx1_firmware:2.61

cpe:/a:iij:seil%2Fx1_firmware:2.62

cpe:/a:iij:seil%2Fx1_firmware:2.63

cpe:/a:iij:seil%2Fx1_firmware:2.70

cpe:/a:iij:seil%2Fx1_firmware:2.72

cpe:/a:iij:seil%2Fx1_firmware:2.73

cpe:/a:iij:seil%2Fx2_firmware:1.00

cpe:/a:iij:seil%2Fx2_firmware:1.10

cpe:/a:iij:seil%2Fx2_firmware:1.11

cpe:/a:iij:seil%2Fx2_firmware:1.20

cpe:/a:iij:seil%2Fx2_firmware:1.21

cpe:/a:iij:seil%2Fx2_firmware:1.22

cpe:/a:iij:seil%2Fx2_firmware:1.30

cpe:/a:iij:seil%2Fx2_firmware:1.31

cpe:/a:iij:seil%2Fx2_firmware:1.32

cpe:/a:iij:seil%2Fx2_firmware:1.40

cpe:/a:iij:seil%2Fx2_firmware:1.41

cpe:/a:iij:seil%2Fx2_firmware:1.43

cpe:/a:iij:seil%2Fx2_firmware:1.44

cpe:/a:iij:seil%2Fx2_firmware:2.10

cpe:/a:iij:seil%2Fx2_firmware:2.20

cpe:/a:iij:seil%2Fx2_firmware:2.30

cpe:/a:iij:seil%2Fx2_firmware:2.40

cpe:/a:iij:seil%2Fx2_firmware:2.41

cpe:/a:iij:seil%2Fx2_firmware:2.42

cpe:/a:iij:seil%2Fx2_firmware:2.50

cpe:/a:iij:seil%2Fx2_firmware:2.51

cpe:/a:iij:seil%2Fx2_firmware:2.52

cpe:/a:iij:seil%2Fx2_firmware:2.60

cpe:/a:iij:seil%2Fx2_firmware:2.61

cpe:/a:iij:seil%2Fx2_firmware:2.62

cpe:/a:iij:seil%2Fx2_firmware:2.63

cpe:/a:iij:seil%2Fx2_firmware:2.70

cpe:/a:iij:seil%2Fx2_firmware:2.72

cpe:/h:iij:seil%2Fb1

cpe:/h:iij:seil%2Fx1

cpe:/h:iij:seil%2Fx2

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://www.seil.jp/seilseries/security/2010/a00875.php

JVN JVN#12683004

JVNDB JVNDB-2010-000032

Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)