11029: Cisco IOS EIGRP Network Denial of Service Vulnerability

Cisco IOS EIGRP Network Denial of Service Vulnerability

General Info

	TC:	11029
	Description:	EIGRP is an extension protocol of IGRP, a routing protocol used to propagate routing information in internal network environments. The EIGRP implementation in all versions of IOS is vulnerable to a denial of service if it receives a flood of neighbor announcements. The issue affects Cisco devices running Cisco Internetwork Operating System Software (IOS) versions 11.3, 12.0(19), 12.1, and 12.2.
	TC Impact:	Gather Info
	Service:	snmp

Specific Operations and Actions:

	Vulnerability Publication:	December 18, 2002
	Advisory Copyright:	FX from Phenoelit
	Summary:	A remote attacker can deny access to the network service for your legitimate users.
	Risk:	High
	CVSS 2.0 metrics:	Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
	CVSS 2.0 Base Score:	7.8

	Vulnerability Impact:	Denial of Service

	Host Impact:	Denial of service.
	Nature of Remediation:	Change the configuration.

	Step required to fix the reported vulnerability:
	*** Solution type: Upgrade Software *** Check with vendor for an upgraded version addressing the issue. See references for more details.
	*** Solution type: Deploy Work Arounds *** Apply MD5 authentication that will permit the receipt of EIGRP packets only from authorized hosts. See references for more details.

Glossary and References :

	References:
	* BUGTRAQ: 20021219 Cisco IOS EIGRP Network DoS http://www.securityfocus.com/archive/1/304034 * BUGTRAQ: 20021219 Re: Cisco IOS EIGRP Network DoS http://www.securityfocus.com/archive/1/304044 * CISCO: 20021220 Cisco's Response to the EIGRP Issue http://www.cisco.com/en/US/tech/tk365/technologies_security_notice09186a008011c5e1.html * FULLDISC: 20051219 Unauthenticated EIGRP DoS http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040330.html * FULLDISC: 20051220 RE: Authenticated EIGRP DoS / Information leak http://marc.theaimsgroup.com/?l=full-disclosure&m=113504451523186&w=2 * BUGTRAQ: 20051220 Re: Unauthenticated EIGRP DoS http://www.securityfocus.com/archive/1/archive/1/419898/100/0/threaded * CONFIRM: http://www.cisco.com/warp/public/707/eigrp_issue.pdf * BID: 6443 http://www.securityfocus.com/bid/6443 * OSVDB: 18055 http://www.osvdb.org/18055 * SECTRACK: 1005840 http://securitytracker.com/id?1005840 * SECUNIA: 7766 http://secunia.com/advisories/7766 * XF: cisco-ios-eigrp-dos(10903) http://xforce.iss.net/xforce/xfdb/10903

	CVE Link:	CVE-2002-2208

	Glossary:	CISCO Denial of Service

© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved
All products names referenced herein are trademarks of their respective companies

SecureScout products are certified:
CVE Compatible
SANS TOP 20 Compatible
CVSS Compatible (Common Vulnerability Scoring System)