CVE-2007-5651
CVE-2007-5651 is a high-severity vulnerability in Cisco Catos with a CVSS 2.0 base score of 7.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 7.1)
- EPSS exploit prediction: 2% (76th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Cisco Catos
- Published:
- Last modified:
Description
Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on Cisco switches allows remote attackers to cause a denial of service (device reload) via a crafted EAP Response Identity packet.
Frequently asked questions
- What is CVE-2007-5651?
- Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on Cisco switches allows remote attackers to cause a denial of service (device reload) via a crafted EAP Response Identity packet.
- How severe is CVE-2007-5651?
- CVE-2007-5651 has a CVSS 2.0 base score of 7.1, rated high severity.
- Is CVE-2007-5651 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (76th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2007-5651?
- CVE-2007-5651 primarily affects Cisco Catos. In total, 22 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2007-5651?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2007-5651 published?
- CVE-2007-5651 was published on 2007-10-23 and last updated on 2026-06-16.
References
- http://secunia.com/advisories/27329
- http://www.cisco.com/en/US/products/products_security_response09186a00808de8bb.html
- http://www.securityfocus.com/bid/26139
- http://www.securitytracker.com/id?1018842
- http://www.vupen.com/english/advisories/2007/3566
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37300
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5288
Affected products (22)
- cpe:2.3:o:cisco:catos:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:catos:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:catos:6.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:catos:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:catos:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:catos:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:catos:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:catos:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:catos:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:catos:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:catos:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:catos:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:catos:8.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:catos:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:catos:8.5:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:12.3ja:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:12.3jea:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:12.3jeb:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:12.3jec:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:12.4ja:*:*:*:*:*:*:*
More vulnerabilities in Cisco Catos
- CVE-2003-0216 — Critical (CVSS 9.3): Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the…
- CVE-2006-4775 — High (CVSS 7.8): The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of…
- CVE-2005-4258 — High (CVSS 7.8): Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet…
- CVE-2001-0041 — High (CVSS 7.8): Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service…
- CVE-2008-4963 — High (CVSS 7.1): Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP…
- CVE-2002-1222 — High (CVSS 7.1): Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote…