Cisco IOS MPLS Forwarding Infrastructure Denial of Service Vulnerability - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS Software Multi Protocol Label Switching (MPLS) Forwarding
Infrastructure (MFI) is vulnerable to a denial of service (DoS) attack
from specially crafted packets. Only the MFI is affected by this
vulnerability. Older Label Forwarding Information Base (LFIB)
implementation, which is replaced by MFI, is not affected.

Cisco has released free software updates that address this
vulnerability.

See also :

http://www.nessus.org/u?f9f25a71
http://www.nessus.org/u?3530bda4

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20080924-mfi.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 49022 (cisco-sa-20080924-mfihttp.nasl)

Bugtraq ID: 31360

CVE ID: CVE-2008-3804