Unrated severityNVD Advisory· Published Dec 21, 2005· Updated Apr 16, 2026

CVE-2005-4437

Description

MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.

Affected products

Extended Interior Gateway Routing Protocol/Extended Interior Gateway Routing Protocol
cpe:2.3:a:extended_interior_gateway_routing_protocol:extended_interior_gateway_routing_protocol:1.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.grok.org.uk/pipermail/full-disclosure/2005-December/040332.htmlnvdVendor Advisory
marc.infonvd
securityreason.com/securityalert/274nvd
securitytracker.com/idnvd
www.securityfocus.com/archive/1/419830/100/0/threadednvd
www.securityfocus.com/archive/1/419898/100/0/threadednvd
www.securityfocus.com/bid/15970nvd
www.vupen.com/english/advisories/2005/3008nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5741nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000