CVE-2012-0382 | Cisco IOS - Multicast Source Discovery Protocol (MSDP) Operational Intel

Executive Risk Summary

"A vulnerability in the Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet. This vulnerability affects various Cisco IOS versions, including 12.0, 12.2 through 12.4, and 15.0 through 15.2, as well as IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS."

Anticipated Attack Path

1. Attacker sends encapsulated IGMP data in an MSDP packet to the vulnerable Cisco IOS device
2. The device processes the MSDP packet, leading to a denial of service condition
3. The device reloads, causing network disruption and potential loss of connectivity

Am I Vulnerable?

Verify the Cisco IOS version and check for the presence of the vulnerability
Apply the recommended patch or workaround to mitigate the vulnerability
Monitor network traffic for suspicious MSDP packets and implement additional security measures to prevent exploitation

Operational Audit Arsenal

Target Type Network Device

Target Asset Cisco IOS

Standard Path Network Infrastructure

Manual Verification Required

This is a non-Windows asset (Cisco). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.