Cisco IOS Software Multicast Source Discovery Protocol DoS (cisco-sa-20120328-msdp)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

According to its self-reported version number, the remote Cisco IOS
device is affected by a denial of service vulnerability in the
Multicast Source Discovery Protocol (MSDP) implementation. An
unauthenticated, remote attacker can exploit this, via an MSDP packet
containing encapsulated IGMP data, to cause the device to reload.

See also :

http://www.nessus.org/u?9fce961b

Solution :

Upgrade to the relevant fixed version referenced in Cisco Security
Advisory cisco-sa-20120328-msdp. Alternatively, apply the workarounds
detailed in the vendor advisory.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 58568 ()

Bugtraq ID: 52759

CVE ID: CVE-2012-0382

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial