Cisco IOS MPLS VPN May Leak Information - Cisco Systems

medium Nessus Plugin ID 49028

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 that are configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite), and that use Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices, may permit information to propagate between VPNs.
This issue is triggered by a logic error when processing extended communities on the PE device.
This issue cannot be deterministically exploited by an attacker.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate it are available.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20080924-vpn.

See Also

http://www.nessus.org/u?9bfd4ca4

http://www.nessus.org/u?d93c67d5

Plugin Details

Severity: Medium

ID: 49028

File Name: cisco-sa-20080924-vpnhttp.nasl

Version: 1.19

Type: local

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/24/2008

Vulnerability Publication Date: 9/24/2008

Reference Information

CVE: CVE-2008-3803

BID: 31366

CWE: 20

CISCO-SA: cisco-sa-20080924-vpn

CISCO-BUG-ID: CSCec12299, CSCee83237