Cisco IOS Software Crafted IPv6 over MPLS Denial of Service Vulnerability

2011-09-28T16:22:44
ID CISCO-SA-20110928-CVE-2011-3274
Type cisco
Reporter Cisco
Modified 2012-07-14T12:38:24

Description

A crafted IPv6 packet may cause the device to crash when the packet is processed by Cisco IOS Software because the MPLS TTL has expired. The crafted packet used to exploit this vulnerability would be silently discarded in Cisco IOS Software if received on an interface where the packet did not have an MPLS label.

Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on a targeted device.

The vulnerability is due to the processing of IP version 6 (IPv6) packets by the vulnerable version of software on an affected device. If an unauthenticated, remote attacker is able to access and send these packets to the vulnerable device, the device may reload, causing a DoS condition and disrupting normal operations.

Cisco has confirmed this vulnerability in a security advisory and has released updated software.

It is likely that an attacker would need to have access to an internal, private network--more specifically to an adjacent network--to send crafted packets to a vulnerable device. This requirement could limit the possibility for an attack.

In addition, a crafted packet used to exploit this vulnerability would be silently discarded if received on an interface if the packet did not have an MPLS label.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.