Cisco IPv6 Vulnerability

Rich Tehrani : Communications and Technology Blog -
Rich Tehrani
| Communications and Technology Blog - Latest news in IP communications, telecom, VoIP, call center & CRM space

Cisco IPv6 Vulnerability

I thought this alert was worth passing along. It seems by turning off IPv6 you minimize exposure to this attack.

                        National Cyber Alert System

                  Technical Cyber Security Alert TA05-210A

Cisco IOS IPv6 Vulnerability

   Original release date: July 29, 2005
   Last revised: --
   Source: US-CERT

Systems Affected

     * Cisco IOS devices with IPv6 enabled

   For specific information, please see the Cisco Advisory.


   Cisco IOS IPv6 processing functionality contains a vulnerability that
   could allow an unauthenticated, remote attacker to execute arbitrary
   code or cause a denial of service.

I. Description

   Cisco IOS contains a vulnerability in the way IPv6 packets are
   processed. US-CERT has not confirmed further technical details.

   According to the Cisco Advisory, this vulnerability could be exploited
   by an attacker on the same IP subnet:

     Crafted packets from the local segment received on logical
     interfaces (that is, tunnels including 6to4 tunnels) as well as
     physical interfaces can trigger this vulnerability. Crafted packets
     can not traverse a 6to4 tunnel and attack a box across the tunnel.

     The crafted packet must be sent from a local network segment to
     trigger the attack. This vulnerability can not be exploited one or
     more hops from the IOS device.

   US-CERT strongly recommends that sites running Cisco IOS devices
   review the Cisco Advisory and upgrade as appropriate. We are tracking
   this vulnerability as VU#930892.

II. Impact

   This vulnerability could allow an unauthenticated, remote attacker on
   the same IP subnet to execute arbitrary code or cause a denial of
   service. The attacker may be able to take control of a vulnerable

III. Solutions


   Upgrade to a fixed version of IOS. Please see the Software Versions
   and Fixes section of the Cisco Advisory for details.

Disable IPv6

   From the Cisco Advisory:

     In networks where IPv6 is not needed, disabling IPv6 processing on
     an IOS device will eliminate exposure to this vulnerability. On a
     router which supports IPv6, this must be done by issuing the
     command "no ipv6 enable" and "no ipv6 address" on each interface.

Appendix A. Vendor Information

Cisco Systems, Inc.

   Cisco Systems, Inc. has released a security advisory regarding a
   vulnerability which was disclosed on July 27, 2005 at the Black Hat
   security conference. Security advisory is available at:

   For up-to-date information on security vulnerabilities in Cisco
   Systems, Inc. products, visit

Appendix B. References

     * US-CERT Vulnerability Note VU#930892 -

     * Cisco Security Advisory: IPv6 Crafted Packet Vulnerability -


   Information regarding this vulnerability was primarily provided by
   Cisco Systems, who in turn acknowledge the disclosure of this
   vulnerability at the Black Hat USA 2005 Briefings.


   Feedback can be directed to US-CERT Technical Staff.  Send mail to
   <> with "TA05-210A feedback VU#930892" in the subject.


   The most recent version of this document is available at:



   Produced 2005 by US-CERT, a government organization.

   Terms of use:


Revision History

   July 29, 2005: Initial release

Featured Events