Cisco Catalyst 6000, 6500 and Cisco 7600 Series MPLS Packet Vulnerability

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco Catalyst 6500 series systems that are running certain versions of
Cisco Internetwork Operating System (IOS) are vulnerable to an attack
from a Multi Protocol Label Switching (MPLS) packet. Only the systems
that are running in Hybrid Mode (Catalyst OS (CatOS) software on the
Supervisor Engine and IOS Software on the Multilayer Switch Feature
Card (MSFC)) or running with Cisco IOS Software Modularity are
affected.
MPLS packets can only be sent from the local network segment.

See also :

http://www.nessus.org/u?0e6ad627
http://www.nessus.org/u?9b184f9d

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20070228-mpls.

Risk factor :

Medium / CVSS Base Score : 6.1
(CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C)

Family: CISCO

Nessus Plugin ID: 49001 (cisco-sa-20070228-mplshttp.nasl)

Bugtraq ID:

CVE ID: CVE-2007-1258