vpdn
* Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor
32, Supervisor 720, or Route Switch Processor 720
http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml
* Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml
Affected Products
=================
Devices configured for PPTP are vulnerable. The default listening TCP
port for PPTP is 1723. The following examples shows a vulnerable
configuration:
vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
accept-dialin
protocol pptp
Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS
software releases.
Several features enable the L2TP mgmt daemon process within Cisco IOS
software, including but not limited to Layer 2 virtual private
networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack
Group Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up
Networks (VPDN). Once this process is enabled the device is
vulnerable.
This vulnerability will result in a reload of the device when
* Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor
32, Supervisor 720, or Route Switch Processor 720
http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml
* Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml
Affected Products
=================
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Multicast Virtual Private Network
(MVPN) Data Leak
Advisory ID: cisco-sa-20080326-mvpn
http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml
engines and to determine if a VAM is present and used in the device,
use the "show crypto engine brief" command, as shown in the following
example:
Router#show crypto engine brief
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: slot 4
VPN Module in slot: 4
Product Name: VAM2+
Vendor description:
-------------------
The SonicWALL Global VPN Client offers an easy-to-use, easy-to-manage
Virtual Private Network (VPN) solution that provides users at
distributed locations with secure, reliable remote access via broadband,
wireless and dial-up connections.
[source: http://www.sonicwall.com/downloads/Global_VPN_DS_US.pdf]
Router#show running-config | include ip http
no ip http server
ip http secure-server
Router#
* SSL Virtual Private Network (SSL VPN) also known as AnyConnect
VPN
The following example shows a device that has the SSL VPN feature
enabled:
Router#show running-config | include webvpn
+------------------
Devices running affected versions of Cisco IOS Software are
susceptible if configured with any of the following features:
* Secure Socket Layer (SSL) Virtual Private Network (VPN)
* Secure Shell (SSH)
* Internet Key Exchange (IKE) Encrypted Nonces
Note: Other SSL/HTTPS related features than WebVPN and SSL VPN are
not affected by this vulnerability.
* Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor
32, Supervisor 720, or Route Switch Processor 720
http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml
* Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml
Affected Products
=================
Summary
=======
Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and
configured for Multiprotocol Label Switching (MPLS) Virtual Private
Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and
using Border Gateway Protocol (BGP) between Customer Edge (CE) and
Provider Edge (PE) devices may permit information to propagate
between VPNs.
Workarounds are available to help mitigate this vulnerability.
Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that
run branches of Cisco IOS based on 12.2 can be vulnerable to a denial
of service vulnerability that can prevent any traffic from entering
an affected interface. For a device to be vulnerable, it must be
configured for Open Shortest Path First (OSPF) Sham-Link and Multi
Protocol Label Switching (MPLS) Virtual Private Networking (VPN).
This vulnerability only affects Cisco Catalyst 6500 Series or
Catalyst 7600 Series devices with the Supervisor Engine 32 (Sup32),
Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720)
modules. The Supervisor 32, Supervisor 720, Supervisor 720-3B,
Supervisor 720-3BXL, Route Switch Processor 720, Route Switch
|
