ICMP Unreachable Vulnerability in Cisco 12000 Series Internet Router
cisco-sa-20011114-gsr-unreachable · NA · Published · Updated
The performance of Cisco 12000 series routers can be degraded when they have to send a large number of ICMP unreachable packets. This situation usually can occur during heavy network scanning. This vulnerability is tracked by three different bug IDs: CSCdr46528 ( registered customers only) , CSCdt66560 ( registered customers only) , and CSCds36541 ( registered customers only) . Each bug ID is assigned to a different Engine the line card is based upon. The rest of the Cisco routers and switches are not affected by this vulnerability. It is specific for Cisco 12000 Series. No other Cisco product is vulnerable. The workaround is to either prevent the router from sending unreachable Internet Control Message Protocol (ICMPs) at all or to rate limit them. This advisory is available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20011114-gsr-unreachable.