Executive Summary
| Summary | |
|---|---|
| Title | Cisco IOS fails to properly handle Next Hop Resolution Protocol packets |
| Informations | |||
|---|---|---|---|
| Name | VU#201984 | First vendor Publication | 2007-08-09 |
| Vendor | VU-CERT | Last vendor Modification | 2007-08-10 |
| Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
Vulnerability Note VU#201984Cisco IOS fails to properly handle Next Hop Resolution Protocol packetsOverviewCisco IOS fails to properly handle Next Hop Resolution Protocol packets, which could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service.I. DescriptionCisco IOS is an operating system that is used on Cisco network devices. Cisco IOS supports a feature called Next Hop Resolution Protocol (NHRP). NHRP is a component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature. NHRP is not enabled by default in Cisco IOS. Cisco IOS fails to properly handle NHRP packets. According to the Cisco Security Advisory,NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation. II. ImpactA remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service on an affected device.III. SolutionApply an updateThis issue is addressed in Cisco Security Advisory cisco-sa-20070808-nhrp.
References
Thanks to Cisco for reporting this vulnerability, who in turn credit Martin Kluge. This document was written by Will Dormann.
|
Original Source
| Url : http://www.kb.cert.org/vuls/id/201984 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5675 | |||
| Oval ID: | oval:org.mitre.oval:def:5675 | ||
| Title: | Cisco IOS Next Hop Resolution Protocol Buffer Overflow Vulnerability | ||
| Description: | Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet. | ||
| Family: | ios | Class: | vulnerability |
| Reference(s): | CVE-2007-4286 | Version: | 1 |
| Platform(s): | Cisco IOS | Product(s): | |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 5 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 36692 | Cisco IOS Next Hop Resolution Protocol (NHRP) Packet Handling Overflow |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Cisco NHRP incorrect packet size RuleID : 12300 - Revision : 5 - Type : OS-OTHER |
| 2014-01-10 | Cisco NHRP incorrect packet size RuleID : 12299 - Revision : 5 - Type : OS-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20070808-nhrphttp.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:07:35 |
|
| 2013-05-11 12:26:31 |
|
