Detections
Analytics

Crafted Packet Causes Reload on Cisco Routers

medium Nessus Plugin ID 48982

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Cisco Routers running Internetwork Operating System (IOS) that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on interfaces where MPLS is not configured. A system that supports MPLS is vulnerable even if that system is not configured for MPLS.
The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable. Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20050126-les.

See Also

http://www.nessus.org/u?d6d89359

http://www.nessus.org/u?77bb5d40

Plugin Details

Severity: Medium

ID: 48982

File Name: cisco-sa-20050126-leshttp.nasl

Version: 1.13

Type: local

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 1/26/2005

Vulnerability Publication Date: 1/26/2005

Reference Information

CVE: CVE-2005-0197

BID: 12369

CWE: 16

CERT: 583638

CISCO-SA: cisco-sa-20050126-les

CISCO-BUG-ID: CSCeb56909, CSCec86420