Cisco IOS Next Hop Resolution Protocol Vulnerability

This script is (C) 2010-2014 Tenable Network Security, Inc.

Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS
contains a vulnerability that can result in a restart of the device or
possible remote code execution.

NHRP is a primary component of the Dynamic Multipoint Virtual Private
Network (DMVPN) feature.

NHRP can operate in three ways: at the link layer (Layer 2), over
Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels,
and directly over IP (IP protocol number 54). This vulnerability affects
all three methods of operation.

NHRP is not enabled by default for Cisco IOS.

Solution :

Apply the relevant patch referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 49008 (cisco-sa-20070808-nhrphttp.nasl)

Bugtraq ID: 25238

CVE ID: CVE-2007-4286
