Cisco IOS Software Network Address Translation Vulnerabilities (cisco-sa-20100922-nat)

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

The Cisco IOS Software Network Address Translation functionality
contains three denial of service (DoS) vulnerabilities. The first
vulnerability is in the translation of Session Initiation Protocol
(SIP) packets, the second vulnerability in the translation of H.323
packets and the third vulnerability is in the translation of H.225.0
call signaling for H.323 packets. Cisco has released free software
updates that address these vulnerabilities.

See also :

http://www.nessus.org/u?8b388c30

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20100922-nat.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 17784 ()

Bugtraq ID: 43393
43400
43401

CVE ID: CVE-2010-2831
CVE-2010-2832
CVE-2010-2833