CVE-2008-2476 · threatengine.sh

Home/CVE/The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) N

CVE

CVE-2008-2476

The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) N

The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).

HIGH · CVSS 9.3 EPSS 0.10501

Schedule remediation

EPSS ≥ 0.10 - elevated exploitation probability
EPSS percentile: top 7% of all CVEs by exploitation likelihood
CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-20Improper Input Validation

▤

Affected Products & Versions

7

force10 ftosall versions
freebsdall versions
juniper jnosall versions
netbsdall versions
openbsdall versions
windriver vxworks<= 6.4
windriver vxworksall versions

▣

Scoring & Timeline

9.3

HIGH · CVSS v2 (legacy) · cret@cert.org

View on NVD

This CVE predates CVSS v3; the legacy v2 score is shown so triage still has a severity to work with.

v2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Published to NVD03 Oct 2008 · 03:07 PM

🔗

References & Sources

24

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc

http://secunia.com/advisories/32112Vendor Advisory

http://secunia.com/advisories/32116

http://secunia.com/advisories/32117Vendor Advisory

http://secunia.com/advisories/32133

http://secunia.com/advisories/32406

Show all 24 references

http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.ascVendor Advisory

http://securitytracker.com/id?1020968

http://support.apple.com/kb/HT3467

http://www.kb.cert.org/vuls/id/472363US Government Resource

http://www.kb.cert.org/vuls/id/MAPG-7H2RY7US Government Resource

http://www.kb.cert.org/vuls/id/MAPG-7H2S68US Government Resource

http://www.openbsd.org/errata42.html#015_ndp

http://www.openbsd.org/errata43.html#006_ndp

http://www.securityfocus.com/bid/31529

http://www.securitytracker.com/id?1021109

http://www.securitytracker.com/id?1021132

http://www.vupen.com/english/advisories/2008/2750

http://www.vupen.com/english/advisories/2008/2751

http://www.vupen.com/english/advisories/2008/2752

http://www.vupen.com/english/advisories/2009/0633

https://exchange.xforce.ibmcloud.com/vulnerabilities/45601

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670

https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin