Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco 10000, uBR10012 and uBR7200 series devices use a User Datagram
Protocol (UDP) based Inter-Process Communication (IPC) channel that is
externally reachable. An attacker could exploit this vulnerability to
cause a denial of service (DoS) condition on affected devices. No other
platforms are affected.

Cisco has released free software updates that address this
vulnerability. Workarounds that mitigate this vulnerability are
available.

See also :

http://www.nessus.org/u?710e01f5
http://www.nessus.org/u?ca03be3a

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20080924-ipc.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:C)
CVSS Temporal Score : 7.0
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 49020 (cisco-sa-20080924-ipchttp.nasl)

Bugtraq ID: 31363

CVE ID: CVE-2008-3805
CVE-2008-3806