Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability (cisco-sa-20130925-rsvp)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

A vulnerability in the Resource Reservation Protocol (RSVP) feature
of Cisco IOS Software could allow an unauthenticated, remote attacker
to trigger an interface queue wedge on the affected device. The
vulnerability is due to improper parsing of UDP RSVP packets. An
attacker could exploit this vulnerability by sending RSVP packets over
UDP port 1698 to the vulnerable device. An exploit could cause Cisco
IOS Software to incorrectly process incoming packets, resulting in an
interface queue wedge, which can lead to loss of connectivity, loss of
routing protocol adjacency, and other denial of service (DoS)
conditions. Cisco has released free software updates that address this
vulnerability. Workarounds that mitigate this vulnerability are
available.

Note that this plugin only checks for an affected IOS version and does
not attempt to perform any additional validity checks.

See also :

http://www.nessus.org/u?4a057824

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20130925-rsvp.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 70313

Bugtraq ID: 62646

CVE ID: CVE-2013-5478