CSCvv75175 - Cisco IOS and IOS XE Software ARP Resource Management Exhaustion DoS Vulnerability

naudruipers
Level 1

Is it possible to mitigate this CVE by using ip arp inspection limit as a temporary workaround? Besides, ARP is an L2 protocol. How can a remote attacker exploit this CVE? I guess the exploit can only be executed from the local LAN and only has an impact on the local LAN.

2 Replies

twylyghtcisco
Level 1

I was wondering this as well. Additionally, if we're running ISE to lock down our access ports via dACLs, how would this ARP exhaustion be implemented?

In reviewing the literature, I see no source of how this originates. It's just some nebulous reference to ARP mismanagement leaving this service vulnerable to exploit. Does this require remote or chassis-level access?

michaelronayne
Level 1

IP ARP inspection will not help you here.

The issue here is that the router's capacity to generate ARP requests for packets that it needs to forward, but for which it does not already have an adjacency / ARP entry, is severely limited.

A potential DoS exploiting this vulnerability is possible by sending IP packets to a large number of different IP destinations that are directly connected to the target router, at a moderately sustained packet rate.

Successful exploitation would require the attacker to have some knowledge of the IP ranges that are directly connected to the target device but clearly IS possible from a location remote to the target.
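The traffic pattern described in this reply (one source addressing many distinct, directly connected destinations for which the router holds no ARP entry) is something a defender can look for in flow or packet logs. The following is an added example written for this thread, not code from the thread or from Cisco. It assumes flow records of the form (epoch seconds, source IP, destination IP), and the directly connected prefixes (192.0.2.0/24 and 203.0.113.0/25, documentation ranges) and the threshold of 32 distinct destinations per 60-second window are constructed assumptions to be replaced with your own values.

```python
"""Flag sources that send to many distinct directly connected destinations.

Added example (not from the thread or from Cisco). Flow records are
assumed to be (epoch_seconds, src_ip, dst_ip) tuples, e.g. exported
from NetFlow or parsed from a capture. Every distinct unresolved
destination behind a connected interface costs the router an ARP
request, which is the limited resource the reply above describes.
"""
import ipaddress
from collections import defaultdict

# Assumption: the router's directly connected prefixes (documentation ranges).
CONNECTED_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("203.0.113.0/25"),
]


def _is_connected(dst, prefixes):
    """True when dst falls inside one of the connected prefixes."""
    addr = ipaddress.ip_address(dst)
    return any(addr in p for p in prefixes)


def find_sweep_sources(flows, prefixes, window_seconds=60, distinct_threshold=32):
    """Return sorted [(src, window_start, distinct_dsts)] for every source that,
    within one fixed time window, addressed at least distinct_threshold different
    destinations inside the connected prefixes. Traffic to destinations that are
    not directly connected is ignored because it does not trigger ARP on this hop.
    """
    seen = defaultdict(set)
    for ts, src, dst in flows:
        if _is_connected(dst, prefixes):
            window_start = (int(ts) // window_seconds) * window_seconds
            seen[(src, window_start)].add(dst)
    hits = [
        (src, ws, len(dsts))
        for (src, ws), dsts in seen.items()
        if len(dsts) >= distinct_threshold
    ]
    return sorted(hits)


def build_sample_flows():
    """Constructed sample flows: one normal host, one sweeping source, and
    one host talking only to non-connected destinations."""
    flows = []
    base = 1_700_000_000
    # Normal host: repeatedly talks to three connected destinations.
    for i in range(30):
        flows.append((base + i, "198.51.100.20", f"192.0.2.{10 + i % 3}"))
    # Sweeping source: 50 distinct connected destinations in 25 seconds.
    for i in range(50):
        flows.append((base + i // 2, "198.51.100.7", f"192.0.2.{100 + i}"))
    # Host addressing only non-connected space: never counted.
    for i in range(40):
        flows.append((base + i, "198.51.100.9", f"10.0.{i}.1"))
    return flows


if __name__ == "__main__":
    for src, window_start, count in find_sweep_sources(build_sample_flows(), CONNECTED_PREFIXES):
        print(f"{src}: {count} distinct connected destinations in window starting {window_start}")
```

Only the sweeping source is reported; the host that repeats the same three destinations and the host whose destinations are not directly connected stay below the threshold. Tune the window and threshold against a baseline of your own connected-subnet traffic before alerting on it.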
