This script is (C) 2010-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
A vulnerability exists in the Cisco IOS software implementation of
Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS
Several features enable the L2TP mgmt daemon process within Cisco IOS
software, including but not limited to Layer 2 virtual private networks
(L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack Group
Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up Networks
(VPDN). Once this process is enabled the device is vulnerable.
This vulnerability will result in a reload of the device when
processing a specially crafted L2TP packet.
Cisco has released free software updates that address this
Workarounds that mitigate this vulnerability are available.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true
Nessus Plugin ID: 49021 (cisco-sa-20080924-l2tphttp.nasl)
Bugtraq ID: 31358
CVE ID: CVE-2008-3813
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.