Cisco IOS Software VPLS denial of service (cisco-sa-20170927-vpls)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

According to its self-reported version and configuration, the Cisco
IOS software running on the remote device is affected by a denial of
service vulnerability in the Virtual Private LAN Service (VPLS)
feature. An unauthenticated, remote attacker can exploit this, via
specially crafted requests, to cause the switch to stop processing
traffic, requiring a device restart to regain functionality.

See also :

http://www.nessus.org/u?7982d6f3

Solution :

Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCva61927.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: CISCO

Nessus Plugin ID: 103672 ()

Bugtraq ID: 101040

CVE ID: CVE-2017-12238

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now