Vigil@nce - Cisco IOS: denial of service via CDP
April 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a specially crafted CDP packet to an host
running Cisco IOS, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS Cisco, IOS XE
Cisco, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Creation date: 16/02/2016.
DESCRIPTION OF THE VULNERABILITY
The Cisco IOS product includes an implementation of the
proprietary protocol "Cisco Discovery Protocol", used to manage
the neighborhood.
However, the parsing and validation of CDP packet is incomplete
and there are some packets the decoding of which leads to a fatal
error and then host reboot.
An attacker can therefore send a specially crafted CDP packet to
an host running Cisco IOS, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Cisco-IOS-denial-of-service-via-CDP-18947