{"vuid":"VU#201984","idnumber":"201984","name":"Cisco IOS fails to properly handle Next Hop Resolution Protocol packets","keywords":["Cisco","IOS","Next Hop Resolution Protocol","NHRP","DoS","denial of service"],"overview":"Cisco IOS fails to properly handle Next Hop Resolution Protocol packets, which could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service.","clean_desc":"Cisco IOS is an operating system that is used on Cisco network devices. Cisco IOS supports a feature called Next Hop Resolution Protocol (NHRP). NHRP is a component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature. NHRP is not enabled by default in Cisco IOS. Cisco IOS fails to properly handle NHRP packets. According to the Cisco Security Advisory, \nNHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation. Note that exploit code for this vulnerability is publicly available.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service on an affected device.","resolution":"Apply an update\nThis issue is addressed in Cisco Security Advisory cisco-sa-20070808-nhrp.","workarounds":"Workarounds Cisco Security Advisory cisco-sa-20070808-nhrp offers several workarounds, including infrastructure ACLs and Control Plane Policing.","sysaffected":"","thanks":"Thanks to Cisco  for reporting this vulnerability, who in turn credit Martin Kluge.","author":"This document was written by Will Dormann.","public":["http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml","http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080435815.html","http://secunia.com/advisories/26360/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-08-08T18:24:59Z","publicdate":"2007-08-08T00:00:00Z","datefirstpublished":"2007-08-09T18:10:27Z","dateupdated":"2007-08-10T12:30:05Z","revision":4,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"2","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"20","cam_population":"7","cam_impact":"10","cam_easeofexploitation":"20","cam_attackeraccessrequired":"17","cam_scorecurrent":"17.85","cam_scorecurrentwidelyknown":"17.85","cam_scorecurrentwidelyknownexploited":"26.775","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":17.85,"vulnote":null}