Cisco IOS Software RSVP Denial of Service Vulnerability (cisco-sa-20120328-rsvp)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.

Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS Software and Cisco IOS XE Software contain a vulnerability
in the RSVP feature when used on a device configured with VPN routing
and forwarding (VRF) instances. This vulnerability could allow an
unauthenticated, remote attacker to cause an interface wedge, which
can lead to loss of connectivity, loss of routing protocol adjacency,
and other denial of service (DoS) conditions. This vulnerability could
be exploited repeatedly to cause an extended DoS condition. A
workaround is available to mitigate this vulnerability. Cisco has
released free software updates that address this vulnerability.

See also :

Solution :

Apply the relevant patch referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.8
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 58571 ()

Bugtraq ID: 52754

CVE ID: CVE-2012-1311

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now