Cisco IOS using Cisco Express Forwarding could allow an attacker to obtain sensitive information
|ios-cef-information-leak (8296)||Medium Risk|
Cisco devices running some could allow a remote attacker to obtain sensitive information dropped from previous packets. If a remote attacker sends a malformed packet to the affected device with an IP level packet length that is greater than the MAC level packet length, the router would increase the packet size to the length indicated by the IP level by inserting arbitrary data that had been dropped by previous packets. This could allow an attacker to obtain sensitive information.
Upgrade to the latest version of Cisco IOS appropriate for your system, as listed in Cisco Systems Inc. Security Advisory, February 27, 2002. See References.
As a workaround, disable CEF.
- CIAC Information Bulletin M-050: Data Leak with Cisco Express Forwarding.
- Cisco Systems Inc. Security Advisory, 2002 February 27 08:00 (UTC -0800): Data Leak with Cisco Express Forwarding Enabled.
- BID-4191: Cisco IOS Cisco Express Forwarding Session Information Leakage Vulnerability
- CVE-2002-0339: Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.
- OSVDB ID: 806: Cisco IOS Cisco Express Forwarding (CEF) Previous Packet Information Disclosure
- US-CERT VU#310387: Cisco IOS discloses fragments of previous packets when Express Forwarding is enabled
- Cisco IOS 11.1CC
- Cisco IOS 12.0
- Cisco IOS 12.0S
- Cisco IOS 12.0ST
- Cisco IOS 12.0T
- Cisco IOS 12.1
- Cisco IOS 12.1E
- Cisco IOS 12.1T
- Cisco IOS 12.2
- Cisco IOS 12.2T
Feb 27, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this