Executive Summary

Summary
Title Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability
Informations
Name cisco-sa-20080924-l2tp First vendor Publication 2008-06-11
Vendor Cisco Last vendor Modification 2008-09-24
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability exists in the Cisco IOS software implementation of Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS software releases.

Several features enable the L2TP mgmt daemon process within Cisco IOS software, including but not limited to Layer 2 virtual private networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack Group Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up Networks (VPDN). Once this process is enabled the device is vulnerable.

This vulnerability will result in a reload of the device when processing a specially crafted L2TP packet.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0 (...)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5362
 
Oval ID: oval:org.mitre.oval:def:5362
Title: Cisco IOS Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability
Description: Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet.
Family: ios Class: vulnerability
Reference(s): CVE-2008-3813
Version: 1
Platform(s): Cisco IOS
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 9

Open Source Vulnerability Database (OSVDB)

Id Description
48733 Cisco IOS Crafted Layer 2 Tunneling Protocol (L2TP) Packet Remote DoS

Nessus® Vulnerability Scanner

Date Description
2010-09-01 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20080924-l2tphttp.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 10:21:54
  • Multiple Updates
2013-05-11 00:42:32
  • Multiple Updates