Cisco IOS XE Software IPv6 Denial of Service (cisco-sa-20140326-ipv6

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

According to its self-reported version, the version of Cisco IOS XE
running on the remote host is affected by a denial of service
vulnerability in the IPv6 protocol stack. This issue exists due to
improper handling of certain, unspecified types of IPv6 packets. An
unauthenticated, remote attacker could potentially exploit this issue
by sending a specially crafted IPv6 packet resulting in a denial of
service.

Note that this issue only affects hosts with IPv6 enabled.

See also :

http://www.nessus.org/u?8f6aa73d
http://tools.cisco.com/security/center/viewAlert.x?alertId=33351

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20140326-ipv6.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 73343 ()

Bugtraq ID: 66467

CVE ID: CVE-2014-2113