Cisco IOS XR Software Malformed Border Gateway Protocol Attribute Vulnerability (cisco-sa-20120926-bgp)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS XR Software contains a vulnerability in the Border Gateway
Protocol (BGP) routing protocol feature. The vulnerability can be
triggered when the router receives a malformed attribute from a peer on
an existing BGP session. Successful exploitation of this vulnerability
can cause all BGP sessions to reset. Repeated exploitation may result
in an inability to route packets to BGP neighbors during reconvergence
times. Cisco has released free software updates that address this
vulnerability. There are no workarounds for this vulnerability.

See also :

http://www.nessus.org/u?cfb7f0ef

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20120926-bgp.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 71436 ()

Bugtraq ID: 55694

CVE ID: CVE-2012-4617