Vigil@nce - Cisco IOS XE: denial of service via IPv6 Neighbor Discovery
December 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send numerous IPv6 Neighbor Discovery packets to
Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS Cisco, IOS XE Cisco.
Severity: 1/4.
Creation date: 15/12/2015.
DESCRIPTION OF THE VULNERABILITY
The IPv6 protocol uses Neighbor Discovery packets to configure the
network.
However, there is no limit on the number of packets which can be
received, which consumes the system memory.
An attacker can therefore send numerous IPv6 Neighbor Discovery
packets to Cisco IOS XE, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-IOS-XE-denial-of-service-via-IPv6-Neighbor-Discovery-18520