Cisco IOS ARP Table Overwrite Vulnerability - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch

Description :

It is possible to send an Address Resolution Protocol (ARP) packet on a
local broadcast interface (for example, Ethernet, cable, Token Ring,
FDDI) which could cause a router or switch running specific versions of
Cisco IOS Software Release to stop sending and receiving ARP packets
on the local router interface. This will in a short time cause the
router and local hosts to be unable to send packets to each other. ARP
packets received by the router for the router's own interface address
but a different Media Access Control (MAC) address will overwrite the
router's MAC address in the ARP table with the one from the received
ARP packet. This was demonstrated to attendees of the Black Hat
conference and should be considered to be public knowledge. This attack
is only successful against devices on the segment local to the attacker
or attacking host.
This vulnerability is documented in Cisco Bug ID CSCdu81936, and a
workaround is available.

See also :

http://www.nessus.org/u?fb24d347
http://www.nessus.org/u?cc4073eb

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20011115-ios-arp-overwrite.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 48961 (cisco-sa-20011115-ios-arp-overwritehttp.nasl)

Bugtraq ID: 3547

CVE ID: CVE-2001-0895