Cisco IOS software contains a vulnerablity that may allow an attacker to execute arbitrary code or create a denial of service condition.
A vulnerability exists in the way Cisco IOS processes the following types of packets sent to an IPv4 address on an affected system.
An attacker may be able to exploit the vulnerability by sending a packet with a specially crafted IP header to an IP address on a vulnerable system. Note that ICMP is often enabled on network infrastructure switches and routers for troubleshooting purposes.
A remote unauthenticated attacker may be able to execute arbitrary code or create a denial of service condition. Note that a vulnerable system would have to be the destination for the specially crafted packet.
Cisco Systems, Inc.
Thanks to Cisco for information that was used in this report.
This document was written by Ryan Giobbi.
|Date First Published:||2007-01-24|
|Date Last Updated:||2007-01-31 20:37 UTC|