CVE-2010-4671

Name: CVE-2010-4671
Creator: NVD / NIST
Published: 2011-01-07T12:00:49.813+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.62%

Last modified Jun 16, 2026

CVE-2010-4671 is a vulnerability of currently unknown severity. The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534.. EPSS estimates a 3.62% chance of exploitation in the next 30 days.

Description

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534.

Metrics

EPSS Probability

3.62%

88.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-400

Affected Software

Vendor	Product	Versions
Cisco	Ios	< 15.0\(1\)xa5

References

http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.htmlExploit, Third Party Advisory
http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3Exploit, Third Party Advisory
http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4Third Party Advisory
http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdfBroken Link
http://www.securityfocus.com/bid/45760Third Party Advisory, VDB Entry
http://www.youtube.com/watch?v=00yjWB6gGy8Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/64589Third Party Advisory, VDB Entry
http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.htmlExploit, Third Party Advisory
http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3Exploit, Third Party Advisory
http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4Third Party Advisory
http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdfBroken Link
http://www.securityfocus.com/bid/45760Third Party Advisory, VDB Entry
http://www.youtube.com/watch?v=00yjWB6gGy8Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/64589Third Party Advisory, VDB Entry

Timeline

Published: Jan 7, 2011
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-4671?

How severe is CVE-2010-4671?

Severity scoring for CVE-2010-4671 is pending analysis. The EPSS model estimates a 3.62% probability of exploitation in the next 30 days.

How do I fix CVE-2010-4671?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-4671?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST