Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability (cisco-sa-20120926-c10k-tunnels)

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS Software contains a queue wedge vulnerability that can be
triggered when processing IP tunneled packets. Only Cisco IOS Software
running on the Cisco 10000 Series router has been demonstrated to be
affected. Successful exploitation of this vulnerability may prevent
traffic from transiting the affected interfaces. Cisco has released
free software updates that addresses this vulnerability. There are no
workarounds for this vulnerability.

See also :

http://www.nessus.org/u?a9f98e6e

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20120926-c10k-tunnels.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: CISCO

Nessus Plugin ID: 62371 ()

Bugtraq ID:

CVE ID: CVE-2012-4620