Cisco IOS Software RSVP Denial of Service Vulnerability (cisco-sa-20120328-rsvp)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS Software and Cisco IOS XE Software contain a vulnerability
in the RSVP feature when used on a device configured with VPN routing
and forwarding (VRF) instances. This vulnerability could allow an
unauthenticated, remote attacker to cause an interface wedge, which
can lead to loss of connectivity, loss of routing protocol adjacency,
and other denial of service (DoS) conditions. This vulnerability could
be exploited repeatedly to cause an extended DoS condition. A
workaround is available to mitigate this vulnerability. Cisco has
released free software updates that address this vulnerability.

See also :

http://www.nessus.org/u?3e71fe57

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20120328-rsvp.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 58571

Bugtraq ID: 52754

CVE ID: CVE-2012-1311