Data Leak with Cisco Express Forwarding Enabled - Cisco Systems

medium Nessus Plugin ID 48964

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

All Cisco devices running Cisco IOS software with Cisco Express Forwarding (CEF) enabled, excluding Cisco 12000 Series Internet Routers, can leak information from packets previously handled by the device. The leak can occur when the packet length declared in the IP header is larger than the physical packet size. Such packets are expanded to fit the declared IP length, and an information leak may occur during that expansion. Note that an attacker can collect only parts of some packets, not a whole session.

No other Cisco product is vulnerable. Devices that have fast switching enabled are not affected by this vulnerability. Cisco 12000 Series Internet Routers are not affected by this vulnerability.

The workaround for this vulnerability is to disable CEF.
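
A defensive check for the condition described above, as an added example that is not part of the Nessus plugin or the Cisco advisory: it inspects an Ethernet II frame and flags IPv4 packets whose header total-length field is larger than the bytes actually present in the frame. The function names, status strings and sample frames are constructed for illustration, and the check assumes complete, untruncated frame captures.

```python
import struct

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800

def check_ipv4_length(frame: bytes):
    """Compare the IPv4 total-length field with the bytes actually captured.

    Returns (status, declared_len, actual_ip_bytes). Assumes a complete
    Ethernet II frame; a capture truncated by snaplen would false-positive.
    """
    if len(frame) < ETH_HDR_LEN + 20:
        return ("too_short", None, None)
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return ("not_ipv4", None, None)
    ip = frame[ETH_HDR_LEN:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    declared = struct.unpack("!H", ip[2:4])[0]
    actual = len(ip)
    if version != 4 or ihl < 20 or declared < ihl:
        return ("malformed", declared, actual)
    if declared > actual:
        # Header claims more data than the frame carries: the condition
        # the Description covers. declared - actual bytes are missing.
        return ("length_exceeds_frame", declared, actual)
    # declared < actual is normal: Ethernet pads short frames to 60 bytes.
    return ("ok", declared, actual)

def build_frame(declared_len: int, payload: bytes) -> bytes:
    """Constructed test input: Ethernet II + 20-byte IPv4 header + payload."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, declared_len, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return eth + ip + payload

if __name__ == "__main__":
    samples = {
        "consistent": build_frame(28, b"A" * 8),
        "padded": build_frame(28, b"A" * 8 + bytes(18)),
        "inconsistent": build_frame(200, b"A" * 8),
    }
    for name, frame in samples.items():
        print(name, check_ipv4_length(frame))
```

Frames reported as `length_exceeds_frame` are candidates for dropping or alerting at a filtering point upstream of affected devices; padded frames are deliberately treated as normal.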

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20020227-ios-cef.

See Also

http://www.nessus.org/u?680f78f5

http://www.nessus.org/u?5e26ba6c

Plugin Details

Severity: Medium

ID: 48964

File Name: cisco-sa-20020227-ios-cefhttp.nasl

Version: 1.15

Type: local

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 2/27/2002

Vulnerability Publication Date: 2/27/2002

Reference Information

CVE: CVE-2002-0339

BID: 4191