Cisco Bug: CSCul29918 - Cisco IOS Software IPSec MTU Vulnerability

Last Modified

Nov 27, 2020

Products (2)

  • Cisco 2600 Series Multiservice Platforms
  • Cisco 2600 Series Multiservice Platforms

Known Affected Releases

15.3(2)T1.2 15.3(3)M 15.3(3)M1.9 15.4(1.1)T

Description (partial)

Symptom:
A vulnerability in the IPSec tunnel implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to change the tunnel MTU or path MTU and potentially cause the IPSec tunnel to drop.

The vulnerability is due to incorrect processing of certain ICMP packets. An attacker could exploit this vulnerability by sending specific ICMP packets to an affected device in order to change the configured MTU value of the tunnel interface. An exploit could allow the attacker to change the tunnel MTU or path MTU and potentially cause the IPSec tunnel to drop.

Conditions:
A device configured for IPSec VTI and with path-mtu-discovery disabled.
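
A configuration check for the condition stated above, as an added example (not Cisco's code): it flags tunnel interfaces in `tunnel mode ipsec` that lack `tunnel path-mtu-discovery` and compares the running release with the releases listed on this page. It assumes the page's "path-mtu-discovery" refers to that IOS interface command; the function names and sample inputs are constructed for illustration.

```python
import re

# Releases from this page's "Known Affected Releases" list (not exhaustive).
KNOWN_AFFECTED = {"15.3(2)T1.2", "15.3(3)M", "15.3(3)M1.9", "15.4(1.1)T"}

# Constructed sample inputs, not taken from a real device.
SAMPLE_VERSION = "Cisco IOS Software, Version 15.3(3)M, RELEASE SOFTWARE"
SAMPLE_CONFIG = """\
interface Tunnel0
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 192.0.2.2
!
interface Tunnel1
 tunnel mode ipsec ipv4
 tunnel destination 192.0.2.6
 tunnel path-mtu-discovery
!
interface Tunnel2
 tunnel destination 192.0.2.10
!
"""

def interface_blocks(config):
    """Split running-config text into {interface name: [sub-commands]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            blocks[current] = []
        elif current is not None and raw[:1] == " ":
            blocks[current].append(raw.strip())
        else:
            current = None  # "!" or any top-level command closes the block
    return blocks

def audit(config, show_version):
    """Report the running release and the VTIs that match the bug's condition."""
    m = re.search(r"Version\s+([^,\s]+)", show_version)
    release = m.group(1) if m else None
    exposed = []
    for name, cmds in interface_blocks(config).items():
        is_vti = any(c.startswith("tunnel mode ipsec") for c in cmds)
        # Assumption: absence of the command means PMTUD is disabled;
        # a "no tunnel path-mtu-discovery" line does not match here either.
        pmtud = any(c.startswith("tunnel path-mtu-discovery") for c in cmds)
        if is_vti and not pmtud:
            exposed.append(name)
    return {"release": release, "release_listed": release in KNOWN_AFFECTED,
            "vti_without_pmtud": exposed}
```

A release missing from `KNOWN_AFFECTED` is not thereby shown to be fixed; the fixed releases are not given in this partial description.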