Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that
run branches of Cisco IOS based on 12.2 can be vulnerable to a denial
of service vulnerability that can prevent any traffic from entering an
affected interface. For a device to be vulnerable, it must be
configured for Open Shortest Path First (OSPF) Sham-Link and Multi
Protocol Label Switching (MPLS) Virtual Private Networking (VPN). This
vulnerability only affects Cisco Catalyst 6500 Series or Catalyst 7600
Series devices with the Supervisor Engine 32 (Sup32), Supervisor Engine
720 (Sup720) or Route Switch Processor 720 (RSP720) modules. The
Supervisor 32, Supervisor 720, Supervisor 720-3B, Supervisor 720-3BXL,
Route Switch Processor 720, Route Switch Processor 720-3C, and Route
Switch Processor 720-3CXL are all potentially vulnerable.
OSPF and MPLS VPNs are not enabled by default.

See also :

http://www.nessus.org/u?06bb02a0
http://www.nessus.org/u?ec51952c

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20080326-queue.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 49014 (cisco-sa-20080326-queuehttp.nasl)

Bugtraq ID: 28463

CVE ID: CVE-2008-0537