Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4437


Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4437
Last Modified 07 Mar 2011 09:28:15
Published 20 Dec 2005 08:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.

Vulnerable Systems


  • Extended Interior Gateway Routing Protocol 1.2


VUPEN - ADV-2005-3008

BUGTRAQ - 20051220 Re: Unauthenticated EIGRP DoS

BUGTRAQ - 20051219 Authenticated EIGRP DoS / Information leak

FULLDISC - 20051220 RE: Authenticated EIGRP DoS / Information leak

BID - 15970

SECTRACK - 1015382


Last Updated: 27 May 2016 10:41:18