CVE-2011-2395

Name of the Vulnerable Software and Affected Versions Cisco IOS (affected versions not specified)

Description The issue concerns the Neighbor Discovery (ND) protocol implementation, which allows remote attackers to bypass the Router Advertisement Guarding functionality. This can be achieved via a fragmented IPv6 packet where the Router Advertisement (RA) message is contained in the second fragment. There are two demonstrated methods: (1) using a packet where the first fragment contains a long Destination Options extension header, or (2) using a packet where the first fragment contains an ICMPv6 Echo Request message.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.