Cisco IOS Software ICMP Processing Denial of Service Vulnerability

A vulnerability in IPSec tunnel implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to change the tunnel MTU or path MTU and potentially cause IPSec tunnels to drop.

The vulnerability is due to incorrect processing of certain ICMP packets. An attacker could exploit this vulnerability by sending specific ICMP packets to an affected device in order to change the configured MTU value of the tunnel interface. An exploit could allow the attacker to change the tunnel MTU or path MTU and potentially cause IPSec tunnels to drop.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, the attacker may need access to trusted, internal networks, in which the targeted device may reside, to send specific ICMP packets to be processed by the device. This access requirement could limit the possibility of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.