Vulnerability Note VU#228186
Hot Standby Router Protocol (HSRP) uses weak authentication
A denial-of-service vulnerability exists in the Hot Standby Router Protocol (HSRP) .
HSRP is a protocol designed to provide transparent recovery of routing services when failures occur. Quoting from RFC2281 (the RFC describing the Hot Standby Router Protocol):
The Hot Standby Router Protocol, HSRP, provides a mechanism which is designed to support nondisruptive failover of IP traffic in certain circumstances. In particular, the protocol protects against the failure of the first hop router when the source host cannot learn the IP address of the first hop router dynamically. The protocol is designed for use over multi-access, multicast or broadcast capable LANs (e.g., Ethernet). HSRP is not intended as a replacement for existing dynamic router discovery mechanisms and those protocols should be used instead whenever possible . A large class of legacy host implementations that do not support dynamic discovery are capable of configuring a default router. HSRP provides failover services to those hosts.
Our thanks to Cisco for permission to use this diagram.
An attacker located on the same LAN segment as the routers using HSRP can disrupt legitimate network traffic resulting in a denial-of-service attack against the network infrastructure for which the participating routers are responsible for.
The CERT/CC is currently unaware of a practical solution to this problem.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cisco||Affected||-||13 Dec 2001|
CVSS Metrics (Learn More)
The CERT/CC thanks Cisco Systems for their help in understanding this vulnerability.
This document was written by Ian A. Finlay.
- CVE IDs: CAN-2001-0741
- Date Public: 01 Mar 98
- Date First Published: 13 Dec 2001
- Date Last Updated: 18 Dec 2001
- Severity Metric: 6.33
- Document Revision: 85
If you have feedback, comments, or additional information about this vulnerability, please send us email.