This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
According to its self-reported version, the version of Cisco IOS
running on the remote host is affected by multiple denial of service
vulnerabilities in the Network Address Translation (NAT)

  - An issue exists in the TCP Input module due to the
    improper handling of certain sequences of TCP packets.
    An unauthenticated, remote attacker could potentially
    exploit this issue by sending a specific sequence of
    IPv4 TCP packets resulting in a denial of service.

  - An issue exists in the Application Layer Gateway (ALG)
    module due to the improper handling of malformed DNS
    packets during the NAT procedure. An unauthenticated,
    remote attacker could potentially exploit this issue by
    sending malformed IPv4 DNS packets resulting in a denial
    of service. (CVE-2014-2111)

Note that IPv6 packets cannot be used to exploit these issues.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.8
Public Exploit Available : true