How to Buy
This script is (C) 2010-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS
contains a vulnerability that can result in a restart of the device or
possible remote code execution.
NHRP is a primary component of the Dynamic Multipoint Virtual Private
Network (DMVPN) feature.
NHRP can operate in three ways: at the link layer (Layer 2), over
Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels
and directly on IP (IP protocol number 54). This vulnerability affects
all three methods of operation.
NHRP is not enabled by default for Cisco IOS.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true
Nessus Plugin ID: 49008 (cisco-sa-20070808-nhrphttp.nasl)
Bugtraq ID: 25238
CVE ID: CVE-2007-4286
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.