Vigil@nce: Cisco IOS, CatOS, denial of service via VTP
November 2008 by Vigil@nce
SYNTHESIS
An attacker can send a malicious VTP packet on the local network
in order to restart the system.
Gravity: 1/4
Consequences: denial of service of computer
Provenance: LAN
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 06/11/2008
IMPACTED PRODUCTS
– Cisco Catalyst
– Cisco IOS
– Cisco Router
DESCRIPTION
VTP (VLAN Trunking Protocol) is used to manage the VLAN
configuration across switches. A password can be configured to
authenticate VTP packets.
When some versions of IOS/CatOS receive a malicious VTP packet, a
denial of service occurs. This packet:
– can be sent to a VTP client or a VTP server
– has to be received on a trunk port
– does not require authentication
Technical details are unknown.
An attacker can therefore send a malicious VTP packet on the local
network in order to restart the system.
CHARACTERISTICS
Identifiers: 108203, BID-32120, cisco-sr-20081105-vtp, CSCsv05934,
CSCsv11741, VIGILANCE-VUL-8224