Cisco IOS Next Hop Resolution Protocol Vulnerability

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS
contains a vulnerability that can result in a restart of the device or
possible remote code execution.

NHRP is a primary component of the Dynamic Multipoint Virtual Private
Network (DMVPN) feature.

NHRP can operate in three ways: at the link layer (Layer 2), over
Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels
and directly on IP (IP protocol number 54). This vulnerability affects
all three methods of operation.

NHRP is not enabled by default for Cisco IOS.

See also :

http://www.nessus.org/u?2fcf9921
http://www.nessus.org/u?36e72cc2

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20070808-nhrp.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 49008 (cisco-sa-20070808-nhrphttp.nasl)

Bugtraq ID: 25238

CVE ID: CVE-2007-4286