Cisco IOS VTP Malformed Version Denial of Service Vulnerability

Cisco IOS contains a vulnerability in the VLAN Trunking Protocol (VTP) that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability exists because the VTP feature in several versions of Cisco IOS software does not properly handle malformed packets sent from the local network. An attacker residing on the local network segment could exploit this vulnerability via a crafted summary packet to cause a DoS condition.

Cisco has confirmed this vulnerability in a security advisory and released updated software to correct it.

To exploit this vulnerability, an attacker must reside on the local network segment and send a crafted summary packet to a device supporting VTP. The device must be configured as either client or server for VTP. Additionally, the packets must be received on a trunk enabled port. Switches configured with a VTP domain password are still affected.

The switch receiving the packet generates syslog messages for either watchdog timeout or CPU hog for process VLAN Manager prior to the software reset. Exploitation causes a DoS condition only until the device reboots. Repeated attacks could cause an extended DoS condition.