PT-2006-5551 · Cisco · Cisco IOS
Published: 2006-09-13 · Updated: 2018-10-17 · CVE-2006-4776
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Cisco IOS version 12.1(19)
Description
A heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement. The cause is improper input validation by the VTP feature. An authenticated, remote attacker could exploit this by submitting a malicious VTP summary advertisement, potentially resulting in a buffer overflow, a system reset, or arbitrary code execution. To exploit this, the attacker must craft a VTP summary advertisement packet that matches the domain of the target system, send it to a trunk-enabled port, and know or guess the VTP domain password if one is set.
Recommendations
Cisco has confirmed this vulnerability and provided an update. For Cisco IOS version 12.1(19), update to the latest software version released by Cisco. As a temporary workaround, consider restricting access to trunk-enabled ports and setting a strong VTP domain password to minimize the risk of exploitation.
Fix · RCE · Buffer Overflow
Affected Products
Cisco IOS