Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability (cisco-sa-20120926-bgp)

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS Software contains a vulnerability in the Border Gateway
Protocol (BGP) routing protocol feature. The vulnerability can be
triggered when the router receives a malformed attribute from a peer
on an existing BGP session. Successful exploitation of this
vulnerability can cause all BGP sessions to reset. Repeated
exploitation may result in an inability to route packets to BGP
neighbors during reconvergence times. Cisco has released free software
updates that address this vulnerability. There are no workarounds for
this vulnerability.

See also :

http://www.nessus.org/u?cfb7f0ef

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20120926-bgp.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 62370 ()

Bugtraq ID: 55694

CVE ID: CVE-2012-4617