Detections
Analytics
Cisco IOS GRE Decapsulation Vulnerability
medium Nessus Plugin ID 17789
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
The remote device contains a flaw in the way GRE packets are handled. By sending a specially crafted GRE packet, an attacker can take advantage of this flaw to potentially bypass access-control lists.Solution
Apply the relevant patch referenced in Cisco Security Advisory cisco-sr-20060906-gre.See Also
http://www.nessus.org/u?f618c509
https://www.securityfocus.com/archive/1/445322/30/0/threaded
Plugin Details
Severity: Medium
ID: 17789
File Name: cisco-sr-20060906-gre.nasl
Version: 1.6
Type: local
Family: CISCO
Published: 1/10/2012
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 1.6
CVSS v2
Risk Factor: Low
Base Score: 2.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2006-4650
CVSS v3
Risk Factor: Medium
Base Score: 4
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Vulnerability Information
CPE: cpe:/o:cisco:ios
Required KB Items: Host/Cisco/IOS/Version
Patch Publication Date: 9/6/2006
Vulnerability Publication Date: 9/6/2006
Reference Information
CVE: CVE-2006-4650
CISCO-SR: cisco-sr-20060906-gre
CISCO-BUG-ID: CSCea22552, CSCei62762, CSCuk27655