Cisco IOS MPLS VPN May Leak Information - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.

Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and
configured for Multiprotocol Label Switching (MPLS) Virtual Private
Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using
Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider
Edge (PE) devices may permit information to propagate between VPNs.
Workarounds are available to help mitigate this vulnerability.
This issue is triggered by a logic error when processing extended
communities on the PE device.
This issue cannot be deterministically exploited by an attacker.

Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate these vulnerabilities are

See also :

Solution :

Apply the relevant patch referenced in Cisco Security Advisory

Risk factor :

Medium / CVSS Base Score : 5.1
CVSS Temporal Score : 4.2
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 49028 (cisco-sa-20080924-vpnhttp.nasl)

Bugtraq ID: 31366

CVE ID: CVE-2008-3803

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now