CiscoCISCO-SA-20110928-CVE-2011-3274Cisco IOS Software Crafted IPv6 over MPLS Denial of Service Vulnerability
6.1 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
33.2%
Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on a targeted device.
The vulnerability is due to the processing of IP version 6 (IPv6) packets by the vulnerable version of software on an affected device. If an unauthenticated, remote attacker is able to access and send these packets to the vulnerable device, the device may reload, causing a DoS condition and disrupting normal operations.
Cisco has confirmed this vulnerability in a security advisory and has released updated software.
It is likely that an attacker would need to have access to an internal, private network–more specifically to an adjacent network–to send crafted packets to a vulnerable device. This requirement could limit the possibility for an attack.
In addition, a crafted packet used to exploit this vulnerability would be silently discarded if received on an interface if the packet did not have an MPLS label.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Affected configurations
Related
6.1 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
33.2%