U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Alert (TA05-210A)

Cisco IOS IPv6 Vulnerability

Original release date: July 29, 2005

Systems Affected

  • Cisco IOS devices with IPv6 enabled
For specific information, please see the Cisco Advisory.

Overview

Cisco IOS IPv6 processing functionality contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service.

Description

Cisco IOS contains a vulnerability in the way IPv6 packets are processed. US-CERT has not confirmed further technical details.

According to the Cisco Advisory, this vulnerability could be exploited by an attacker on the same IP subnet:

Crafted packets from the local segment received on logical interfaces (that is, tunnels including 6to4 tunnels) as well as physical interfaces can trigger this vulnerability. Crafted packets can not traverse a 6to4 tunnel and attack a box across the tunnel.

The crafted packet must be sent from a local network segment to trigger the attack. This vulnerability can not be exploited one or more hops from the IOS device.

US-CERT strongly recommends that sites running Cisco IOS devices review the Cisco Advisory and upgrade as appropriate. We are tracking this vulnerability as VU#930892.

Impact

This vulnerability could allow an unauthenticated, remote attacker on the same IP subnet to execute arbitrary code or cause a denial of service. The attacker may be able to take control of a vulnerable device.

Solutions

Upgrade

Upgrade to a fixed version of IOS. Please see the Software Versions and Fixes section of the Cisco Advisory for details.

Disable IPv6

From the Cisco Advisory:

In networks where IPv6 is not needed, disabling IPv6 processing on an IOS device will eliminate exposure to this vulnerability. On a router which supports IPv6, this must be done by issuing the command "no ipv6 enable" and "no ipv6 address" on each interface.

Appendix A. Vendor Information

Cisco Systems, Inc.

Cisco Systems, Inc. has released a security advisory regarding a vulnerability which was disclosed on July 27, 2005 at the Black Hat security conference. Security advisory is available at:

http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml
For up-to-date information on security vulnerabilities in Cisco Systems, Inc. products, visit http://www.cisco.com/go/psirt.

Appendix B. References

  • US-CERT Vulnerability Note VU#930892 - http://www.kb.cert.org/vuls/id/930892>
  • Cisco Security Advisory: IPv6 Crafted Packet Vulnerability - http://www.cisco.com/en/US/products/products_security_advisory09186a00804d82c9.shtml>

Information regarding this vulnerability was primarily provided by Cisco Systems, who in turn acknowledge the disclosure of this vulnerability at the Black Hat USA 2005 Briefings.

Feedback can be directed to US-CERT Technical Staff.

Produced by US-CERT, a government organization. Terms of use

Revision History

  • July 29, 2005: Initial release

    Last updated

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top