Cisco IOS IPv4 Remote Denial of Service Vulnerability Detection Utility
CIScan is a Windows based SNMP detection and analysis utility that can quickly and accurately identify Cisco devices with SNMP enabled in an enterprise environment. This utility can effectively indicate devices that are potentially vulnerable to the Cisco IPv4 Remote Denial of Service vulnerability from July 17, 2003.
CIScan is intended for use by system and network administrators as a fast and reliable utility for identifying potentially at risk Cisco devices in a passive manner. This tool may be run in production environments during production hours.
Cisco announced on Thursday, July 17, 2003 a serious vulnerability for all Cisco devices that implement and are configured to process Internet Protocol version 4 (IPv4) packets. Foundstone Labs, first to respond to this serious risk, is offering this Security Briefing as part of a coordinated effort designed to protect current customers and other organizations.
This vulnerability should be considered extremely critical due to the impact and ease-of-exploitation. Devices are vulnerable to a Denial of Service (DoS) attack and although no known exploit has been yet identified, a complex purposely malicious sequence of IPv4 packets targeted to a vulnerable Cisco switch or router can cause the processing interface to stop processing traffic. This vulnerability can be executed by remote unauthenticated users with mere knowledge of at least one interface IP address.