This script is (C) 2010-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and
configured for Multiprotocol Label Switching (MPLS) Virtual Private
Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using
Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider
Edge (PE) devices may permit information to propagate between VPNs.
Workarounds are available to help mitigate this vulnerability.
This issue is triggered by a logic error when processing extended
communities on the PE device.
This issue cannot be deterministically exploited by an attacker.
Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate these vulnerabilities are
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
Medium / CVSS Base Score : 5.1
CVSS Temporal Score : 4.2
Public Exploit Available : true
Nessus Plugin ID: 49028 (cisco-sa-20080924-vpnhttp.nasl)
Bugtraq ID: 31366
CVE ID: CVE-2008-3803
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.