Cisco IOS GRE Decapsulation Vulnerability

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

The remote device contains a flaw in the way GRE packets are handled.
By sending a specially crafted GRE packet, an attacker can take
advantage of this flaw to potentially bypass access-control lists.

See also :

http://www.nessus.org/u?89ca8c19
http://www.securityfocus.com/archive/1/445322/30/0/threaded

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sr-20060906-gre.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Family: CISCO

Nessus Plugin ID: 17789 ()

Bugtraq ID:

CVE ID: CVE-2006-4650