Cisco IOS CEF Packet Information Disclosure (Bug ID CSCdu20643)

medium Nessus Network Monitor Plugin ID 2214

Synopsis

The remote host passes information across the network in an insecure manner.

Description

If the remote device has Cisco Express Forwarding (CEF) enabled, it may leak information from previous packets that have been handled by the device. An attacker may use this vulnerability to sniff your network remotely. This vulnerability is documented as Cisco Bug ID CSCdu20643.

Solution

http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml

Plugin Details

Severity: Medium

ID: 2214

Family: SNMP

Published: 9/3/2004

Updated: 3/6/2019

Nessus ID: 10983

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Reference Information

CVE: CVE-2002-0339

BID: 4191