Overview
A vulnerability in the way Cisco IOS handles IPv6 packets could result in a remotely exploitable denial of service.
Description
The Cisco Internetwork Operating System (IOS) includes support for processing Internet Protocol version 6 (IPv6) packets. A vulnerability in the way that IOS handles a sequence of specially crafted IPv6 packets could cause an affected device to reload (reboot), resulting in a denial of service. The specific nature of the crafted packets exploiting this vulnerability is not known. Only devices running IOS that have IPv6-configured interfaces, either physical or logical (e.g., tunnels), are vulnerable to this issue. |
Impact
A remote attacker may be able to cause an affected device to reload, thereby creating a denial of service condition. |
Solution
Upgrade Cisco has addressed this issue in new versions of the IOS software. Please see Cisco's Security Advisory for more details. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Cisco PSIRT for reporting this vulnerability.
This document was written by Chad R Dougherty.
Other Information
| CVE IDs: | None |
| Severity Metric: | 10.61 |
| Date Public: | 2005-01-26 |
| Date First Published: | 2005-01-26 |
| Date Last Updated: | 2005-02-01 20:50 UTC |
| Document Revision: | 11 |