Cisco IOS DFS Access List Leakage - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Errors in certain Cisco IOS software versions for certain routers can
cause IP datagrams to be output to network interfaces even though
access lists have been applied to filter those datagrams. This applies
to routers from the Cisco 7xxx family only, and only when those routers
have been configured for distributed fast switching (DFS).

There are two independent vulnerabilities, which have been given Cisco
bug IDs CSCdk35564 and CSCdk43862. Each vulnerability affects only a
specialized subset of DFS configurations. Affected configurations are
not believed to be extremely common, but neither are they extremely
rare. More details of affected configurations are in the "Who is
Affected" section of this document.

These vulnerabilities may permit users to send packets to parts of the
customer's network for which they are not authorized. This may permit
unauthorized access or other attacks on customer computer systems or
data. Cisco does not know of any incidents in which these
vulnerabilities have actually been exploited by attackers.

Neither vulnerability affects any Cisco product other than routers in
the 70xx or 75xx series. Of 70xx routers, only routers with the
optional route-switch processor (RSP) card are affected. Additional
configuration conditions apply.

See also :

http://www.nessus.org/u?bb5faf44
http://www.nessus.org/u?c410b1d6

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-19981105-ios-dfs-acl.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: CISCO

Nessus Plugin ID: 48945 (cisco-sa-19981105-ios-dfs-aclhttp.nasl)

Bugtraq ID:

CVE ID: CVE-1999-1464
CVE-1999-1465