Cisco IOS IPv6 Packet Processing Arbitrary Code Execution (CSCef68324)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote router contains a vulnerability which may allow an attacker to
execute arbitrary code on it.

Description :

The remote version of IOS is vulnerable to a code execution attack
when processing malformed IPv6 packets.

To exploit this flaw, an attacker would need to ability to send a malformed
packet from a local segment and may exploit this issue to cause the remote
device to reload repeatedly or to execute arbitrary code in the remote IOS.

See also :

http://www.nessus.org/u?f9362391

Solution :

Cisco has made a set of patches available which are listed at the address above.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.1
(CVSS2#E:F/RL:W/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 19771 (CSCef68324.nasl)

Bugtraq ID: 14414

CVE ID: CVE-2005-2451