Vulnerability Note VU#341288
Cisco IOS fails to properly process certain packets containing a crafted IP option
Cisco IOS software contains a vulnerablity that may allow an attacker to execute arbitrary code or create a denial of service condition.
A vulnerability exists in the way Cisco IOS processes the following types of packets sent to an IPv4 address on an affected system.
An attacker may be able to exploit the vulnerability by sending a packet with a specially crafted IP header to an IP address on a vulnerable system. Note that ICMP is often enabled on network infrastructure switches and routers for troubleshooting purposes.
A remote unauthenticated attacker may be able to execute arbitrary code or create a denial of service condition. Note that a vulnerable system would have to be the destination for the specially crafted packet.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cisco Systems, Inc.||Affected||-||24 Jan 2007|
CVSS Metrics (Learn More)
Thanks to Cisco for information that was used in this report.
This document was written by Ryan Giobbi.
- CVE IDs: Unknown
- Date Public: 24 Jan 2007
- Date First Published: 24 Jan 2007
- Date Last Updated: 31 Jan 2007
- Severity Metric: 18.15
- Document Revision: 19
If you have feedback, comments, or additional information about this vulnerability, please send us email.