VID 29053
Severity 30
Port 161
Protocol UDP
Class CISCO
Detailed Description Cisco IOS has a data leak vulnerability when CEF is enabled (Cisco bug ID CSCdu20643).
This vulnerability can allow an attacker to gain sensitive information from remnants of previous packets. Excluding Cisco 12000 Series Internet Routers, all Cisco devices running Cisco IOS software with Cisco Express Forwarding (CEF) enabled can leak information from previous packets that the device has handled. This can happen if the packet length described in the IP header is bigger than the physical packet size. Such packets are expanded to fit the IP length and, during that expansion, an information leak may occur. Please note that an attacker can collect only parts of some packets, not a whole session.
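
The triggering condition described above (an IP header length larger than the physical packet) can be looked for in captured traffic. The following is an added example, not part of the original advisory or any Cisco code; it assumes untagged Ethernet II frames captured in full, and the sample frames and function names are constructed for illustration.

```python
import struct

ETH_HDR = 14          # untagged Ethernet II header (assumption)
ETHERTYPE_IPV4 = 0x0800

def ipv4_length_mismatch(frame: bytes):
    """Return (declared, available) when the IPv4 total-length field claims
    more bytes than the frame actually carries, else None."""
    if len(frame) < ETH_HDR + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < 20:
        return None
    declared = struct.unpack("!H", ip[2:4])[0]
    # Ethernet padding can make `available` larger than `declared`; that is
    # normal. Only declared > available matches the condition in the text.
    available = len(ip)
    return (declared, available) if declared > available else None

def scan(frames):
    """Indices of frames whose IP length exceeds the physical packet size."""
    return [i for i, f in enumerate(frames) if ipv4_length_mismatch(f)]

def build_frame(payload: bytes, declared_total: int) -> bytes:
    """Constructed test frame (documentation addresses, checksum left 0)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, declared_total, 0, 0, 64, 17,
                     0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + payload

SAMPLE_FRAMES = [
    build_frame(b"A" * 8, 28),                  # length field matches
    build_frame(b"A" * 8, 128),                 # length field too large
    build_frame(b"A" * 8 + b"\x00" * 18, 28),   # padded short frame, benign
]

if __name__ == "__main__":
    for i in scan(SAMPLE_FRAMES):
        declared, available = ipv4_length_mismatch(SAMPLE_FRAMES[i])
        print(f"frame {i}: IP length {declared} > {available} bytes on wire")
```

A capture taken with a truncating snap length will produce false matches, since the frame bytes available to the check are then shorter than what was on the wire.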

* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so the result might be a false positive. It also requires a read-access SNMP community string to collect the version number. To provide this access, add the valid community string to the check item "snmp/guessable/r" in the Policy Editor.

* References:
http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml
http://www.kb.cert.org/vuls/id/310387
http://www.ciac.org/ciac/bulletins/m-050.shtml

* Platforms Affected:
CISCO IOS 11.1CC
CISCO IOS 12.0, 12.0S, 12.0T, 12.0ST
CISCO IOS 12.1, 12.1E, 12.1T
CISCO IOS 12.2, 12.2T
Recommendation Upgrade to the fixed version of Cisco IOS, as listed in "Software Versions and Fixes" of Cisco Security Advisory, http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml . Upgrades should be obtained through the Software Center on Cisco's Worldwide Web site at http://www.cisco.com .

As a workaround, disable CEF on the router.
Related URL CVE-2002-0339 (CVE)
Related URL 4191 (SecurityFocus)
Related URL 8296 (ISS)