Vulnerabilities > CVE-2008-3813 - Unspecified vulnerability in Cisco IOS

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
cisco
nessus

Summary

Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet.

Nessus

NASL family: CISCO
NASL id: CISCO-SA-20080924-L2TPHTTP.NASL
description: A vulnerability exists in the Cisco IOS software implementation of Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS software releases. Several features enable the L2TP mgmt daemon process within Cisco IOS software, including but not limited to Layer 2 virtual private networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack Group Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up Networks (VPDN). Once this process is enabled the device is vulnerable. This vulnerability will result in a reload of the device when processing a specially crafted L2TP packet. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
last seen: 2019-10-28
modified: 2010-09-01
plugin id: 49021
published: 2010-09-01
reporter: This script is (C) 2010-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/49021
title: Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability
code
#TRUSTED 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
#
# (C) Tenable Network Security, Inc.
#
# Security advisory is (C) CISCO, Inc.
# See https://www.cisco.com/en/US/products/products_security_advisory09186a0080a0157a.shtml

# Engine guard: stop without reporting anything when NASL_LEVEL is below 3000.
if (NASL_LEVEL < 3000)
{
  exit(0);
}

include("compat.inc");

# Registration branch: when `description` is set the plugin only declares its
# metadata and exits (see the exit(0) at the end of this block); none of the
# version or process checks further down run in this mode.
if (description)
{
 script_id(49021);
 script_version("1.20");
 script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15");
 # Cross-references for the same issue: CVE, Bugtraq id, Cisco bug id and
 # the Cisco security advisory id.
 script_cve_id("CVE-2008-3813");
 script_bugtraq_id(31358);
 script_xref(name:"CISCO-BUG-ID", value:"CSCsh48879");
 script_xref(name:"CISCO-SA", value:"cisco-sa-20080924-l2tp");
script_name(english:"Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability");
 # The summary is accurate about scope: the check is version-based, it does
 # not send L2TP traffic to the device.
 script_summary(english:"Checks the IOS version.");
 script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch.");
 script_set_attribute(attribute:"description", value:
'A vulnerability exists in the Cisco IOS software implementation of
Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS
software releases.
Several features enable the L2TP mgmt daemon process within Cisco IOS
software, including but not limited to Layer 2 virtual private networks
(L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack Group
Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up Networks
(VPDN). Once this process is enabled the device is vulnerable.
This vulnerability will result in a reload of the device when
processing a specially crafted L2TP packet.
Cisco has released free software updates that address this
vulnerability.
Workarounds that mitigate this vulnerability are available.
');
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e91861de");
 # https://www.cisco.com/en/US/products/products_security_advisory09186a0080a0157a.shtml
 script_set_attribute(attribute:"see_also", value: "http://www.nessus.org/u?e477dd69");
 script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20080924-l2tp.");
 # CVSS v2 base vector: reachable over the network, low complexity, no
 # authentication, complete availability impact, no confidentiality or
 # integrity impact (a pure denial of service).
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
 # CVSS v2 temporal vector: exploitability unproven, official fix available,
 # report confirmed.
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 # Declared as a "local" plugin: the logic below works from the KB version
 # string and cached "show processes" output, not from a network probe.
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");

 script_set_attribute(attribute:"vuln_publication_date", value:"2008/09/24");
 script_set_attribute(attribute:"patch_publication_date", value:"2008/09/24");
 script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/01");

 script_end_attributes();
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is (C) 2010-2018 Tenable Network Security, Inc.");
 script_family(english:"CISCO");
 # The check needs the Host/Cisco/IOS/Version KB key; presumably it is
 # populated by cisco_ios_version.nasl, which is declared as a dependency.
 script_dependencie("cisco_ios_version.nasl");
 script_require_keys("Host/Cisco/IOS/Version");
 exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

# Detection logic.
#   flag     - non-zero when the host should be reported.
#   override - set when the process list could not be read because enable
#              privileges were needed; it is passed to cisco_caveat() for the
#              report text.
flag = 0;
override = 0;
version = get_kb_item_or_exit("Host/Cisco/IOS/Version");

# Releases this plugin treats as affected. Matching is by exact string
# equality, so a release that is not spelled out here is never flagged.
affected_releases = make_list(
  '12.4(11)XW',
  '12.4(11)XV1',
  '12.4(11)XV',
  '12.4(11)XJ4',
  '12.4(11)XJ3',
  '12.4(11)XJ2',
  '12.4(11)XJ',
  '12.4(11)T4',
  '12.4(11)T3',
  '12.4(11)T2',
  '12.4(11)T1',
  '12.4(11)T',
  '12.4(11)SW2',
  '12.4(11)SW1',
  '12.4(11)SW',
  '12.4(12)MR2',
  '12.4(12)MR1',
  '12.4(12)MR',
  '12.4(11)MR',
  '12.2(33)SRB',
  '12.2(37)SG1',
  '12.2(40)SE',
  '12.2(37)SE1',
  '12.2(37)SE'
);

foreach affected_release (affected_releases)
{
  if (version == affected_release)
  {
    flag = 1;
    break;
  }
}

# With local checks enabled, a version hit is narrowed by looking for an L2TP
# process in the "show processes" output. Without local checks the version
# match alone is reported, so such a finding does not confirm that the L2TP
# mgmt daemon is actually running on the device.
if (get_kb_item("Host/local_checks_enabled") && flag)
{
  flag = 0;
  buf = cisco_command_kb_item("Host/Cisco/Config/show_processes", "show processes");
  if (!check_cisco_result(buf))
  {
    # Output unusable: when the cause is missing enable privileges the host is
    # still reported, with override set so the report carries a caveat.
    # NOTE(review): any other unusable result leaves flag at 0 and the host is
    # audited as not affected - confirm that is the intended outcome.
    if (cisco_needs_enable(buf))
    {
      flag = 1;
      override = 1;
    }
  }
  else if (preg(pattern:"\sL2TP\s", multiline:TRUE, string:buf))
  {
    # "L2TP" delimited by whitespace appears in the process list.
    flag = 1;
  }
}


if (!flag)
{
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  security_hole(port:0, extra:cisco_caveat(override));
  exit(0);
}

Oval

accepted: 2008-12-22T04:00:07.377-05:00
class: vulnerability
contributors:
name: Yuzheng Zhou
organization: Hewlett-Packard
description: Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet.
family: ios
id: oval:org.mitre.oval:def:5362
status: accepted
submitted: 2008-09-24T11:06:36.000-04:00
title: Cisco IOS Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability
version: 6

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 31358 CVE ID: CVE-2008-3813 CNCVE ID:CNCVE-20083813 Cisco IOS是一款流行的网络操作系统。 Cisco IOS第二层隧道协议实现存在一个漏洞,远程攻击者可以利用漏洞对设备进行拒绝服务攻击,导致设备重载。 Cisco IOS软件中的L2TP mgmt守护进程启用多个功能,包括Layer 2 virtual private networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack Group Bidding Protocol (SGBP)和Cisco Virtual Private Dial-Up Networks (VPDN)。L2TP mgmt守护在处理特殊构建的L2TP报文时可导致设备重载。 此漏洞的Cisco bug ID为CSCsh48879,CVE ID为CVE-2008-3813。 Cisco IOS 12.4XV Cisco IOS 12.4XJ Cisco IOS 12.4T Cisco IOS 12.4SW Cisco IOS 12.4MR Cisco IOS 12.2SE Cisco IOS 12.2(37)SG Cisco IOS 12.2(37)SE Cisco IOS 12.2(33)SRB 可参考如下安全公告获得补丁信息: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0157a.shtml
id: SSV:4109
last seen: 2017-11-19
modified: 2008-09-26
published: 2008-09-26
reporter: Root
title: Cisco IOS第二层隧道协议远程拒绝服务漏洞