Data Leak with Cisco Express Forwarding Enabled - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch

Description :

Excluding Cisco 12000 Series Internet Routers, all Cisco devices
running Cisco IOS software that have Cisco Express Forwarding (CEF)
enabled can leak information from previous packets that have been
handled by the device. This can happen if the packet length described
in the IP header is bigger than the physical packet size. Packets like
these will be expanded to fit the IP length and, during that expansion,
an information leak may occur. Please note that an attacker can only
collect parts of some packets but not the whole session.
No other Cisco product is vulnerable. Devices that have fast switching
enabled are not affected by this vulnerability. Cisco 12000 Series
Internet Routers are not affected by this vulnerability.
The workaround for this vulnerability is to disable CEF.

See also :

http://www.nessus.org/u?b6d00f24
http://www.nessus.org/u?fba0cf3a

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20020227-ios-cef.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 48964 (cisco-sa-20020227-ios-cefhttp.nasl)

Bugtraq ID: 4191

CVE ID: CVE-2002-0339