Cisco IOS spoofed EIGRP announcement flood denial of service
cisco-ios-eigrp-dos (10903)
Description:
Multiple Cisco devices are vulnerable to a denial of service attack. If a remote attacker floods a vulnerable device with spoofed Enhanced IGRP (EIGRP) neighbor announcements, the attacker could consume all available CPU resources and all bandwidth along the affected network segment, which would result in a denial of service.
Consequences:
Denial of Service
Remedy:
No remedy available as of July 9, 2011.
References:
- BugTraq Mailing List, 2002-12-19 17:06:32: Cisco IOS EIGRP Network DoS.
- Cisco Systems TechNotes: Cisco's Response to the EIGRP Issue.
- Cisco Systems Web site: Configuring IP Enhanced IGRP.
- IBM Internet Security Systems X-Force Database: Cisco EIGRP HELLO packet replay information leak.
- Phenoelit Advisory wir-haben-auch-mal-was-gefunden #0815 +++: Cisco Systems IOS EIGRP Network Denial of Service.
- BID-6443: Cisco IOS EIGRP Announcement ARP Denial Of Service Vulnerability
- CVE-2002-2208: Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.
- OSVDB ID: 18055: Cisco Spoofed EIGRP Packet Saturation DoS
- SA7766: Cisco IOS EIGRP Denial of Service
- SECTRACK ID: 1005840: Cisco IOS Routers Can Be Made to Consume All Available Bandwidth By Remote Users Sending Spoofed EIGRP Announcements
Platforms Affected:
- Cisco IOS 11.3
- Cisco IOS 12.0(19)
- Cisco IOS 12.1
- Cisco IOS 12.2
Reported:
Dec 18, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
