Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the routers interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Catalyst_2900xl | Cisco | * | * |
| Catalyst_2948g-l3 | Cisco | * | * |
| Catalyst_2950 | Cisco | * | * |
| Catalyst_3500xl | Cisco | * | * |
| Catalyst_3550 | Cisco | * | * |
| Catalyst_4000 | Cisco | * | * |
| Catalyst_4908g-l3 | Cisco | * | * |
| Catalyst_5000 | Cisco | * | * |
| Catalyst_6000 | Cisco | * | * |
| Catalyst_8500 | Cisco | * | * |
| Distributed_director | Cisco | * | * |
References
- http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml
- http://www.kb.cert.org/vuls/id/399355
- http://www.osvdb.org/807
- http://www.securityfocus.com/bid/3547
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7547
- http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml
- http://www.kb.cert.org/vuls/id/399355
- http://www.osvdb.org/807
- http://www.securityfocus.com/bid/3547
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7547