Security Intelligence Operations - Cisco Systems
Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation
 

Security Intelligence Operations


Cisco IOS Multi Protocol Label Switching Forwarding Infrastructure Denial of Service Vulnerability

 
Vulnerability AlertPowered by Cisco Security IntelliShield Alert Manager
Threat Type:Unintended Weakness: Denial of Service
IntelliShield ID:16635
Version:1
First Published:September 24, 2008 12:52 PM EDT
Last Published:September 24, 2008 12:52 PM EDT
Vector:Network
Authentication:None
Exploit:Functional
Port: Not Available
CVE:CVE-2008-3804
BugTraq ID:31360
 
Urgency: Unlikely Use
Credibility: Confirmed
Severity: Mild Damage
CVSS Base:7.8 CVSS Calculator
CVSS Version 2
CVSS Temporal:6.4
 
Version Summary:

Cisco IOS software contains a vulnerability in the Multi Protocol Label Switching forwarding infrastructure that could allow an unauthenticated, remote attacker to cause a denial of service condition. Updated software is available.

 
 
Description

Cisco IOS software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability exists due to an error by the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI). An attacker could exploit the vulnerability by sending malicious packets to the targeted device. This action could cause the device to reload.

Functional exploit code exists.

Cisco has confirmed this vulnerability and released updated software.

 
Warning Indicators

Cisco has published a list of affected Cisco IOS products in the security advisory. These products are vulnerable if configured for MPLS.
 
IntelliShield Analysis

Cisco introduced MPLS MFI to replace Label Forwarding Information Base (LFIB). Only newer devices that are configured for MPLS are vulnerable.

Cisco indicated through CVSS scoring the existence of functional exploit code; however, this exploit code is not known to be publicly available.
 
Vendor Announcements

Cisco has released a security advisory for Cisco bug ID CSCsk93241 at the following link: cisco-sa-20080924-mfi

 
Impact

An unauthenticated, remote attacker could exploit this vulnerability to cause the target device to reload. Repeated exploits could result in a persistent DoS condition.

 
Technical Information

The vulnerability is due to an error by the MPLS MFI when handling MPLS packets in the software path. To exploit the vulnerability, an unauthenticated, remote attacker must have access to an MPLS network via an interface that is configured for MPLS. By sending malicious packets to a MPLS-configured interface, the attacker could cause the target device to reload. If the attacker sends the malicious packet to an interface that is not configured for MPLS, the interface will drop the packet.
 
Safeguards

Administrators are advised to apply the appropriate update.

Administrators are advised to disable MPLS on any interface where it is not strictly necessary.

Administrators are advised to restrict access to affected systems to trusted networks.

 
Patches/Software

Cisco customers with active contracts can obtain updates through the Software Center at the following link: Cisco. Cisco customers without contracts can obtain upgrades by contacting the Cisco Technical Assistance Center at 1-800-553-2447 or 1-408-526-7209 or via e-mail at tac@cisco.com.
 
Alert History
 

Initial Release


Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
CiscoIOS12.2EY Base | 12.2S Base | 12.2SB Base | 12.2SBC Base | 12.2SCA Base | 12.2SE Base | 12.2SED Base | 12.2SEE Base | 12.2SEG Base | 12.2SG Base | 12.2SRA Base | 12.2SRB Base | 12.2SRC Base | 12.2SV Base | 12.2SVA Base | 12.2SVC Base | 12.2SVD Base | 12.2SW Base | 12.2SXH Base | 12.2XN Base | 12.2ZX Base | 12.4XQ Base | 12.4XR Base | 12.4XY Base | 12.4XZ Base

Associated Products:
N/A


LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

Related Links

Feedback

 Which alert section is most useful?
 Affected Products/Versions
Patches/Software Updates
Safeguards
Technical Information/Analysis
Description
 
What additional information should IntelliShield alerts include?
 
Do you use the CVSS scoring provided in alerts? Why?