Release date:
Updated on:
Affected Systems:
Cisco IOS 15.x
Cisco ios xe 3.x
Unaffected system:
Cisco IOS 15.1 (4) M4
Cisco IOS 15.1 (4) M3a
Cisco IOS 15.1 (4) M3
Cisco IOS 15.1 (3) T3
Cisco IOS 15.1 (3) S2
Cisco IOS 15.1 (2) GC2
Cisco IOS 15.1 (2) EY2
Cisco IOS 15.1 (1) T5
Cisco IOS 15.0 (1) M8
Cisco ios xe 3.4.2S
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52754
Cve id: CVE-2012-1311
Cisco's Internet Operating System (IOS) is a complex operating system optimized for Internet connection.
When Cisco IOS Software and Cisco ios xe Software use the RSVP feature on devices configured with VPN routing and forwarding entities, remote unauthenticated attackers can exploit this vulnerability by sending RSVP packets to affected devices, resulting in connection loss, routing protocol connection loss, and DOS.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-rsvp#affected
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20120328-rsvp # affected) and patches for this:
Cisco-sa-20120328-rsvp # affected: Cisco IOS Software RSVP Denial of Service Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-rsvp#affected