Vulnerability Note VU#139491

Cisco IOS vulnerable to denial of service via Cisco Discovery Protocol

Original Release date: 10 Oct 2001 | Last revised: 11 Oct 2001

Overview

The Cisco IOS contains a denial-of-service vulnerability that allows nearby remote attackers to crash or temporarily disable affected network devices.

Description

The Cisco Internetwork Operating System (IOS) contains a vulnerability in its processing of Cisco Discovery Protocol (CDP) packets. By sending large numbers of crafted CDP packets to an affected device, a nearby remote attacker can consume all available memory resources, causing the device to either crash or stop responding. It is important to note that the CDP protocol operates at the data link layer of the ISO/OSI model, so it cannot be propagated by network and transport layer protocols such as IP and TCP, respectively. As such, attackers will only be able to attack devices on networks they can access directly (ie. without IP routing). However, this also means that many of the strategies commonly used to block malicious traffic (such as port filtering) cannot be used to prevent attackers from reaching an affected host.

Impact

This vulnerability allows a nearby remote attacker to crash or consume the memory resources of an affected switch, router, or other network device.

Solution

Disable the Cisco Discovery Protocol

Sites that do not require the Cisco Discovery Protocol may disable it for a single interface by issuing the "no cdp enable" command on the interface. Alternatively, CDP can be disabled for the entire device by issuing the "no cdp run" command.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
CiscoAffected09 Oct 200110 Oct 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was discovered by the Phenoelit Group and reported to the Bugtraq mailing list on October 9, 2001.

This document was written by Jeffrey P. Lanza.

Other Information

  • CVE IDs: Unknown
  • Date Public: 09 Oct 2001
  • Date First Published: 10 Oct 2001
  • Date Last Updated: 11 Oct 2001
  • Severity Metric: 19.69
  • Document Revision: 12

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.