Cisco IOS Software Processing of SAA Packets - Cisco Systems

This script is (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch

Description :

The Service Assurance Agent (SAA) is the new name for the Response Time
Reporter (RTR) feature.
The router is vulnerable only if the RTR responder is enabled. When the
router receives a malformed RTR packet, it will crash. RTR is disabled
by default.
There is no workaround short of disabling the RTR responder. It is
possible to mitigate the vulnerability by applying the access control
list (ACL) on the router.

See also :

http://www.nessus.org/u?7e84eef2
http://www.nessus.org/u?edd86ded

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20030515-saa.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 55385 ()

Bugtraq ID: 7607

CVE ID: CVE-2003-0305

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial