Information Leakage Using IPv6 Routing Header in Cisco IOS XR (cisco-sa-20070808-IOS-IPv6-leak)

This script is (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS XR contains a vulnerability when processing specially crafted
IPv6 packets with a Type 0 Routing Header present. Exploitation of
this vulnerability leads to information leakage on affected IOS and
IOS XR devices, and can also result in a crash of the affected IOS
device. Successful exploitation on an affected device running Cisco
IOS XR will not result in a crash of the device itself, but may result
in a crash of the IPv6 subsystem.

Cisco has made free software available to address this vulnerability
for affected customers. There are workarounds available to mitigate
the effects of the vulnerability.

See also :

Solution :

Apply the relevant patch referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 7.5

Family: CISCO

Nessus Plugin ID: 71432 ()

Bugtraq ID:

CVE ID: CVE-2007-4285

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now