CVE-2008-3813

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2 through 12.4

Description A vulnerability exists in the Cisco IOS software implementation of Layer 2 Tunneling Protocol (L2TP). This issue affects devices when the L2TP mgmt daemon process is enabled, which can occur through various features including Layer 2 virtual private networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack Group Bidding Protocol (SGBP), and Cisco Virtual Private Dial-Up Networks (VPDN). The vulnerability allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet. Cisco has released software updates to address this issue. Workarounds are available to mitigate this vulnerability.

Recommendations For Cisco IOS versions 12.2 through 12.4, update to a version that includes the software updates released by Cisco to address this vulnerability. As a temporary workaround, consider disabling the L2TP mgmt daemon process to prevent the device from reloading when processing a specially crafted L2TP packet.