Vulnerability found on port unknown (161/tcp)
If the remote device has Cisco Express Forwarding (CEF) enabled,
it may leak information from previous packets that have been
handled by the device.
An attacker may use this flaw to sniff your network remotely
This vulnerability is documented as Cisco Bug ID CSCdu20643.
Solution : http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml
Risk factor : High
*** As Nessus solely relied on the banner of the remote host
*** this might be a false positive
Vulnerability found on port unknown (161/tcp)
-
By sending a crafted NTP control packet, it is possible to trigger a
buffer overflow in the NTP daemon. This vulnerability can be
exploited remotely. The successful exploitation may cause arbitrary
code to be executed on the target machine.
This vulnerability is documented as Cisco Bug ID CSCdt93866.
An attacker may use this flaw to execute arbitrary code on
the remote host (although it's believed to not be doable)
Solution : http://www.cisco.com/warp/public/707/NTP-pub.shtml
Risk factor : High
*** As Nessus solely relied on the banner of the remote host
*** this might be a false positive
Vulnerability found on port unknown (161/tcp)
-
It is possible to send an Address Resolution Protocol (ARP) packet on
a local broadcast interface (for example, Ethernet, cable, Token
Ring, FDDI) which could cause a router or switch running specific
versions of Cisco IOS® Software Release to stop sending and receiving
ARP packets on the local router interface. This will in a short time
cause the router and local hosts to be unable to send packets to each
other. ARP packets received by the router for the router's own
interface address but a different Media Access Control (MAC) address
will overwrite the router's MAC address in the ARP table with the one
from the received ARP packet. This was demonstrated to attendees of
the Black Hat conference and should be considered to be public
knowledge. This attack is only successful against devices on the
segment local to the attacker or attacking host.
This vulnerability is documented in Cisco Bug ID CSCdu81936.
A local attacker may use this flaw to prevent your network from
working properly.
Solution :
http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml
Risk factor : High
*** As Nessus solely relied on the banner of the remote host
*** this might be a false positive
Warning found on port unknown (161/tcp)
Cisco IOS Software contains a flaw that permits the successful
prediction of TCP Initial Sequence Numbers.
This vulnerability is present in all released versions of Cisco IOS
software running on Cisco routers and switches. It only affects the
security of TCP connections that originate or terminate on the
affected Cisco device itself
it does not apply to TCP traffic
forwarded through the affected device in transit between two other
hosts.
This vulnerability is documented as Cisco bug ID CSCds04747.
Solution :
http://www.cisco.com/warp/public/707/gsraclbypassdos-pub.shtml
Risk factor : Medium
*** As Nessus solely relied on the banner of the remote host
*** this might be a false positive
Renaud, etc, perhaps these can be updated? They are misleading. It isn't a flaw with port 161 or TCP but information garnered by SNMP on that port. Might I suggest a prologue such as:
"Nessus gathered information via SNMP (161/tcp) that indicates a probable vulnerability. This may be a false positive as this test relied on the banner information; the vulnerability was not actually accomplished."
(The above wrapped text is how it appears in the report, that should also be tweaked I 'spose)
-d
--
I may have the information you need and I may choose only HTML. It's up to you.
Disclaimer: I am not responsible for any email that you send me nor am I bound to any obligation to deal with any received email in any given fashion. If you send me spam or a virus, I may in whole or part send you 50,000 return copies of it. I may also publicly announce any and all emails and post them to message boards, news sites, and even parody sites. I may also mark them up, cut and paste, print, and staple them to telephone poles for the enjoyment of people without internet access. This is not a confidential medium and your assumption that your email can or will be handled confidentially is akin to baring your backside, burying your head in the ground, and thinking nobody can see you butt nekkid and in plain view for miles away. Don't be a cluebert, buy one from K-mart today.
