Vigil@nce - Cisco IOS XE: denial of service via PPPoE
September 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malicious PPPoE packet to a router running
Cisco IOS XE, in order to trigger a denial of service.
Impacted products: IOS XE Cisco, Cisco Router.
Severity: 2/4.
Creation date: 08/07/2015.
DESCRIPTION OF THE VULNERABILITY
The Cisco IOS XE product may use PPP over Ethernet.
While establishing the PPP connection, and before client
authentication, a packet of type Active Discovery Request may be
sent. However, IOS XE does not handle some format errors in these
packets. A packet matching these conditions makes the router crash
and then restart.
An attacker can therefore send a malicious PPPoE packet to a
router running Cisco IOS XE, in order to trigger a denial of
service.
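The bulletin does not say which format errors are involved, so the following added example (not code from Vigil@nce or Cisco) only checks the generic RFC 2516 well-formedness of an Active Discovery Request frame, as a monitoring sensor on an access segment might. The function name, the helper and the two sample frames are constructed for illustration.

```python
import struct

ETHERTYPE_DISCOVERY, CODE_PADR = 0x8863, 0x19   # PPPoE Discovery stage, PADR (RFC 2516)
TAG_END_OF_LIST, TAG_SERVICE_NAME = 0x0000, 0x0101

def padr_format_problems(frame):
    """Return None if frame is not a PADR, else a list of RFC 2516 format problems."""
    if len(frame) < 20:                 # 14-byte Ethernet header + 6-byte PPPoE header
        return None
    ethertype, ver_type, code, session_id, length = struct.unpack_from("!HBBHH", frame, 12)
    if ethertype != ETHERTYPE_DISCOVERY or code != CODE_PADR:
        return None
    problems = []
    if ver_type != 0x11:
        problems.append("VER/TYPE is not 0x11")
    if session_id != 0:
        problems.append("SESSION_ID is not 0x0000")
    payload = frame[20:]
    if length > len(payload):
        problems.append("LENGTH exceeds bytes in frame")
    payload = payload[:length]          # bytes past LENGTH are Ethernet padding
    offset = service_names = 0
    while offset < len(payload):
        if len(payload) - offset < 4:
            problems.append("truncated tag header")
            break
        tag_type, tag_len = struct.unpack_from("!HH", payload, offset)
        offset += 4
        if tag_type == TAG_END_OF_LIST:
            break
        if tag_len > len(payload) - offset:
            problems.append("TAG_LENGTH of tag 0x%04x overruns payload" % tag_type)
            break
        service_names += (tag_type == TAG_SERVICE_NAME)
        offset += tag_len
    if service_names != 1:              # a PADR must carry exactly one Service-Name tag
        problems.append("expected exactly one Service-Name tag, saw %d" % service_names)
    return problems

def _frame(tags, length=None):
    # Build a constructed test frame; the MAC addresses are placeholders.
    length = len(tags) if length is None else length
    header = struct.pack("!6s6sHBBHH", b"\x02" * 6, b"\x02\x00\x00\x00\x00\x01",
                         ETHERTYPE_DISCOVERY, 0x11, CODE_PADR, 0, length)
    return header + tags

# Constructed samples: a well-formed PADR and one with an inconsistent tag length.
GOOD = _frame(struct.pack("!HH", TAG_SERVICE_NAME, 3) + b"isp")
BAD = _frame(struct.pack("!HH", TAG_SERVICE_NAME, 64) + b"isp")
```

A non-empty result for frames seen before authentication is a reasonable alerting condition, since a conforming client does not send a PADR with these inconsistencies.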
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-IOS-XE-denial-of-service-via-PPPoE-17323