CERT-In Advisory CIAD-2009-18
Cisco IOS Mobile IP and Mobile IPv6 Vulnerabilities

Original issue date: April 06, 2009

Severity Rating: High

Systems Affected

• Cisco IOS 12.3 through 12.4, if configured for Mobile IP NAT Traversal feature for Mobile IP NAT Traversal feature or Mobile IPv6

Overview

Cisco devices have been found vulnerable to DoS attack, if they are configured for Mobile IP NAT Traversal feature or Mobile IPv6. An unauthenticated remote attacker may launch Dos attack via crafted Mobile IPv6 Packets or Crafted ICMP packets.

Mobile IP is part of both IPv4 and IPv6 standards. Mobile IP allows a host device to be identified by a single IP address even though the device may move its physical point of attachment from one network to another. Regardless of movement between different networks, connectivity at the different points is achieved seamlessly without user intervention. Roaming from a wired network to a wireless or wide-area network is also possible.

The Mobile IP Support NAT Traversal feature, registers Mobile IP request and reply to establish UDP tunnelling. This feature allows mobile devices in collocated mode that use a private IP address for the care-of address (CoA) to establish a tunnel and traverse a NAT-enabled router with mobile node (MN) data traffic from the home Agent (HA )

1. Mobile Ipv6 packets Denial of Service ( CVE-2009-0633 )

Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service via MIPv6 packets

The vulnerability is due to an error when Cisco IOS Software handles certain ICMP packets. An unauthenticated, remote attacker could exploit this vulnerability be sending a malicious ICMP packet to a vulnerable device, which could create a DoS condition and block traffic on the interface.

Workaround

Use appropriate access-list as suggested by vendor at: http://www.cisco.com/en/US/products/products_
security_advisory09186a0080a9042f.shtml

Solution

Apply appropriate fixed versions as mentioned in CISCO Security Advisory
http://www.cisco.com/en/US/products/products_
security_advisory09186a0080a9042f.shtml

Vendor Information

CISCO
http://www.cisco.com/en/US/products/products_
security_advisory09186a0080a9042f.shtml

References

Security Focus
http://www.securityfocus.com/bid/34241

SecurityTracker http://securitytracker.com/alerts/2009/Mar/1021898.html

Secunia
http://secunia.com/advisories/34438

CVE Name
CVE-2009-0633
CVE-2009-0634

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003