CVE-2008-3803

A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:P
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
ciscoios
12.0s:s
ciscoios
12.0sx:sx
ciscoios
12.0sz:sz
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/31990
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014a9.shtml
http://www.securityfocus.com/bid/31366
http://www.securitytracker.com/id?1020940
http://www.vupen.com/english/advisories/2008/2670
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5919
http://secunia.com/advisories/31990
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014a9.shtml
http://www.securityfocus.com/bid/31366
http://www.securitytracker.com/id?1020940
http://www.vupen.com/english/advisories/2008/2670
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5919