11023: Cisco IOS ICMP Redirect Denial Of Service Vulnerability

Cisco IOS ICMP Redirect Denial Of Service Vulnerability

General Info

	TC:	11023
	Description:	IOS is the Internet Operating System, used on Cisco routers. It is distributed and maintained by Cisco. It has been reported that it is possible to cause a denial of service in some Cisco routers by sending a large amount of spoofed ICMP redirect messages.
	TC Impact:	Gather Info
	Service:	snmp

Specific Operations and Actions:

	Vulnerability Publication:	May 21, 2002
	Advisory Copyright:	FX
	Summary:	A remote attacker can compromise your cisco device and thus prevent you legitimate users from accessing your network.
	Risk:	High
	CVSS 2.0 metrics:	Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
	CVSS 2.0 Base Score:	7.8

	Vulnerability Impact:	Denial of Service

	Host Impact:	Denial of service.
	Nature of Remediation:	Update the software.

Step required to fix the reported vulnerability:

***** Solution type: Upgrade Software *****

Check with vendor for patch.

Workarounds:
Users running Cisco IOS 11.x can mitigate this issue by blocking ICMP redirect messages that are sent to the router by following this example:
router(config)#access-list 101 deny icmp any host <device_IP> redirect
.... (the rest of the access-list 101)
router(config)#interface eth0
router(config-if)#ip access-group 101 in
This will block all ICMP packets destined for the router itself via the eth0 interface, but other ICMP traffic will pass through the router normally.
It is also possible to block ICMP traffic destined for Cisco routers running Cisco IOS 12.x.

Glossary and References :

	References:
	* BUGTRAQ: 20020521 Cisco IOS ICMP redirect DoS http://online.securityfocus.com/archive/1/273421 * BUGTRAQ: 20020521 Cisco IOS ICMP redirect DoS - Cisco's response http://online.securityfocus.com/archive/1/273488 * BID: 4786 http://www.securityfocus.com/bid/4786 * XF: cisco-ios-icmp-redirect-dos(9129) http://www.iss.net/security_center/static/9129.php * CISCO: http://www.cisco.com/en/US/ts/fn/200/fn23074.html

	CVE Link:	CVE-2002-2315

	Glossary:	CISCO Denial of Service ICMP IOS

© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved
All products names referenced herein are trademarks of their respective companies

SecureScout products are certified:
CVE Compatible
SANS TOP 20 Compatible
CVSS Compatible (Common Vulnerability Scoring System)