Cisco IOS CEF Packet Information Disclosure (Bug ID CSCdu20643)

Medium Nessus Network Monitor Plugin ID 2214

Synopsis

The remote host passes information across the network in an insecure manner.

Description

If the remote device has Cisco Express Forwarding (CEF) enabled, it may leak information from previous packets that have been handled by the device. An attacker may use this vulnerability to sniff your network remotely. This vulnerability is documented as Cisco Bug ID CSCdu20643.

Solution

http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml

Plugin Details

Severity: Medium

ID: 2214

File Name: 2214.prm

Family: SNMP

Published: 2004/09/03

Modified: 2016/12/12

Nessus ID: 10983

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2002-0339

BID: 4191

OSVDB: 806