Nexpose Vulnerability Database
Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| Severe (7) | 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Mar 27, 2009 | Sep 23, 2009 | Apr 7, 2011 |
Description:
Cisco IOS devices configured for Mobile IP Network Address Translation are vulnerable to a denial of service attack, potentially resulting in a blocked interface. For IPv6, this can be triggered by an attacker sending a specially crafted MIPv6 packet. For IPv4, this can be triggered by sending a specially crafted ICMP packet.
References:
- BID: http://www.securityfocus.com/bid/34241
- CVE: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0633
- CVE: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0634
- SECUNIA: http://secunia.com/advisories/34438/
- URL: http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml
- XF: http://xforce.iss.net/xforce/xfdb/49424
- XF: http://xforce.iss.net/xforce/xfdb/49585
Solution:
Upgrade to the latest version of Cisco IOS
Download and apply the upgrade from: http://www.cisco.com/univercd/cc/td/doc/product/software/
Upgrade to the latest version of Cisco IOS that your hardware supports. Upgrading IOS is often complicated by the fact that at any given time, Cisco is working on several different release trains simultaneously. Furthermore, upgrading to the latest version of IOS is not always possible without upgrading the router hardware (for example, adding memory). Consult Cisco's IOS support pages for more information on the latest IOS releases. Please refer to http://www.cisco.com/warp/public/620/1.html for an explanation of the Cisco IOS versioning scheme.
It is possible to obtain custom-built IOS images via a Cisco support contract. The recommended method for obtaining updated IOS images is to record the results of the "show version" command on the router, and then to obtain a complete list of required fixes and bring this information to your Cisco support representative. Note that security fixes are not necessarily included in the latest releases -- you should specifically ask that the fixes be included in your image. Depending on your configuration, it may take several days to obtain an updated release that works for your hardware.
As of April 2011, the latest supported IOS releases are Cisco IOS 12.4 and 15.1, with the latest "T" family releases being 12.4(24)T and 15.1(3)T respectively. Note: as release version 15 is considered a major upgrade, careful consideration should be given before upgrading.
Information on these pages is summary information extracted from the Nexpose Vulnerability Assessment system. Full details are provided within the Nexpose product for licensed users.

