search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Cisco IOS fails to properly handle Next Hop Resolution Protocol packets

Vulnerability Note VU#201984

Original Release Date: 2007-08-09 | Last Revised: 2007-08-10


Cisco IOS fails to properly handle Next Hop Resolution Protocol packets, which could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service.


Cisco IOS is an operating system that is used on Cisco network devices. Cisco IOS supports a feature called Next Hop Resolution Protocol (NHRP). NHRP is a component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature. NHRP is not enabled by default in Cisco IOS. Cisco IOS fails to properly handle NHRP packets. According to the Cisco Security Advisory,

NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.
Note that exploit code for this vulnerability is publicly available.


A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service on an affected device.


Apply an update
This issue is addressed in Cisco Security Advisory cisco-sa-20070808-nhrp.


Cisco Security Advisory cisco-sa-20070808-nhrp offers several workarounds, including infrastructure ACLs and Control Plane Policing.

Vendor Information


Cisco Systems, Inc. Affected

Updated:  August 09, 2007



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Please see Cisco Security Advisory cisco-sa-20070808-nhrp.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



Thanks to Cisco for reporting this vulnerability, who in turn credit Martin Kluge.

This document was written by Will Dormann.

Other Information

CVE IDs: None
Severity Metric: 17.85
Date Public: 2007-08-08
Date First Published: 2007-08-09
Date Last Updated: 2007-08-10 12:30 UTC
Document Revision: 4

Sponsored by CISA.