PT-2006-5549 · Cisco · Cisco IOS
Published: 2006-09-13 · Updated: 2018-10-17 · CVE-2006-4774
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Cisco IOS version 12.1(19)
Description
The VLAN Trunking Protocol (VTP) feature in Cisco IOS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability exists because the VTP feature does not properly handle malformed packets sent from the local network. To exploit it, an attacker must reside on the local network segment and send a crafted summary packet to a device supporting VTP. The device must be configured as either a VTP client or a VTP server, and the packets must be received on a trunk-enabled port. Exploitation causes a DoS condition only until the device reboots, but repeated attacks could cause an extended DoS condition.
Recommendations
For Cisco IOS version 12.1(19), update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to trunk-enabled ports and configuring VTP domain passwords to minimize the risk of exploitation.
Fix
DoS
Affected Products
Cisco IOS