CVE-2008-1156

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.0 through 12.4

Description The issue allows remote attackers to create extra multicast states on the core routers via a crafted Multicast Distribution Tree (MDT) Data Join message. This can also enable a malicious user to receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.

Recommendations For Cisco IOS versions 12.0 through 12.4, update to a version that includes the software updates released by Cisco to address this vulnerability. As a temporary workaround, consider implementing workarounds that mitigate this vulnerability, as detailed in the Cisco Security Advisory. Restrict access to the Multicast Virtual Private Network (MVPN) implementation to minimize the risk of exploitation until a patch is applied.