This script is (C) 2010-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and
configured for Multiprotocol Label Switching (MPLS) Virtual Private
Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using
Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider
Edge (PE) devices may permit information to propagate between VPNs.
Workarounds are available to help mitigate this vulnerability.
This issue is triggered by a logic error when processing extended
communities on the PE device.
This issue cannot be deterministically exploited by an attacker.
Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate these vulnerabilities are
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
Medium / CVSS Base Score : 5.1
CVSS Temporal Score : 4.2
Public Exploit Available : true