J-Security Center

Title: Cisco HSRP Denial of Service Vulnerability

Severity: MODERATE

Description:

Hot Standby Router Protocol (HSRP) is a first-hop redundancy protocol developed by Cisco Systems and documented in RFC 2281. It lets a group of routers on one network segment share a single virtual IP (and MAC) address: when the router currently serving that address fails, another member of the group takes it over, so hosts that are configured with a static default gateway, rather than discovering routers with ICMP Router Discovery Protocol, keep working without learning a new router address.

HSRP is intended for local segments that depend on two or more routers and whose preferred exit router may change at any time. The protocol runs only between the routers: they exchange Hello packets, elect one Active router (the one that answers for the virtual address) and one Standby router, and the Standby takes over when the Active router's Hellos stop arriving. Hosts are never told which physical router is active; they keep sending to the virtual address, which is what minimizes the impact of a router change on the segment.

The problem with HSRP is that any host on the segment can both receive and send HSRP messages. HSRP version 1 is carried over UDP port 1985 to the all-routers multicast group 224.0.0.2, and every packet carries its authentication data (an 8-byte field) in clear text; RFC 2281 specifies a default authentication string of "cisco". Because the messages are neither encrypted nor cryptographically signed, any eavesdropping host on the segment can capture the Hello packets, read the authentication string, and then send messages that the routers will accept as valid. Cisco IOS releases later than this advisory added MD5-keyed HSRP authentication, which removes the clear-text password but still does not prevent replay or spoofing by a host on the same segment; filtering UDP 1985 on ports that should never carry router traffic remains a useful mitigation.

With the recovered authentication string, a host on the segment can send its own HSRP messages to the multicast group, for example Hello or Coup packets at priority 255 (the highest value in RFC 2281), and win the election for the group. The legitimate Active router relinquishes the virtual address, hosts send all traffic for their default gateway to the attacker's machine, and since that machine need not be a router at all, nothing is forwarded. The result is a Denial of Service for legitimate users of the segment.
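The following Python is an added example, not code from the advisory or from Cisco: it decodes the 20-byte HSRP version 1 packet layout from RFC 2281 (version, opcode, state, hellotime, holdtime, priority, group, reserved, 8 bytes of authentication data, virtual IP), shows how a listener on the segment recovers the clear-text password, and runs a small detection pass over a constructed capture. The capture, the addresses (192.0.2.x documentation range), the router list and the finding names are assumptions made for the example.

```python
"""Added example (not from the advisory): decode HSRP v1 (RFC 2281) payloads captured
on UDP/1985, recover the clear-text authentication string, and flag the conditions a
defender should alert on. All packets and addresses below are constructed."""
import struct

HSRP_UDP_PORT = 1985           # RFC 2281: HSRP runs over UDP port 1985
HSRP_V1_MCAST = "224.0.0.2"    # HSRP version 1 sends to the all-routers group
DEFAULT_AUTH = b"cisco"        # RFC 2281 default authentication data
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
# Version, Opcode, State, Hellotime, Holdtime, Priority, Group, Reserved, Auth(8), VIP(4)
HEADER = struct.Struct("!8B8s4s")  # 20 bytes in total


def build_hsrp_v1(opcode, state, priority, group, auth, virtual_ip, hellotime=3, holdtime=10):
    """Encode one HSRP v1 packet. The auth field is clear text, zero padded to 8 bytes."""
    if len(auth) > 8:
        raise ValueError("authentication data is at most 8 bytes")
    vip = bytes(int(octet) for octet in virtual_ip.split("."))
    return HEADER.pack(0, opcode, state, hellotime, holdtime, priority, group, 0,
                       auth.ljust(8, b"\x00"), vip)


def parse_hsrp_v1(payload):
    """Decode the fixed 20-byte HSRP v1 header; raises ValueError on anything else."""
    if len(payload) < HEADER.size:
        raise ValueError("payload shorter than HSRP header")
    (version, opcode, state, hellotime, holdtime, priority, group, _reserved,
     auth, vip) = HEADER.unpack(payload[:HEADER.size])
    if version != 0:
        raise ValueError(f"not HSRP version 1 (version byte {version})")
    return {
        "opcode": OPCODES.get(opcode, f"unknown({opcode})"),
        "state": STATES.get(state, f"unknown({state})"),
        "hellotime": hellotime,
        "holdtime": holdtime,
        "priority": priority,
        "group": group,
        "auth": auth.rstrip(b"\x00"),      # the password, readable by any listener
        "virtual_ip": ".".join(str(b) for b in vip),
    }


def recover_passwords(captures):
    """Map HSRP group -> clear-text password seen on the wire (the eavesdropping step)."""
    passwords = {}
    for _src, dst, dport, payload in captures:
        if dport == HSRP_UDP_PORT and dst == HSRP_V1_MCAST:
            try:
                pkt = parse_hsrp_v1(payload)
            except ValueError:
                continue
            passwords[pkt["group"]] = pkt["auth"]
    return passwords


def audit_hsrp(captures, known_routers):
    """Return (source_ip, finding) pairs: default password in use, an HSRP speaker that
    is not a known router, and a Hello/Coup at priority 255 (the RFC 2281 maximum)."""
    findings = []
    for src, dst, dport, payload in captures:
        if dport != HSRP_UDP_PORT or dst != HSRP_V1_MCAST:
            continue
        try:
            pkt = parse_hsrp_v1(payload)
        except ValueError:
            findings.append((src, "malformed"))
            continue
        if pkt["auth"] == DEFAULT_AUTH:
            findings.append((src, "default-password"))
        if src not in known_routers:
            findings.append((src, "unknown-speaker"))
        if pkt["priority"] == 255 and pkt["opcode"] in ("Hello", "Coup"):
            findings.append((src, "max-priority-claim"))
    return findings


# Constructed sample capture: (src_ip, dst_ip, dst_port, udp_payload). 192.0.2.77 plays
# the eavesdropping host from the advisory, replaying the password it captured.
KNOWN_ROUTERS = {"192.0.2.1", "192.0.2.2"}
SAMPLE_CAPTURE = [
    ("192.0.2.1", HSRP_V1_MCAST, HSRP_UDP_PORT,
     build_hsrp_v1(0, 16, 100, 1, DEFAULT_AUTH, "192.0.2.254")),   # legitimate Active
    ("192.0.2.2", HSRP_V1_MCAST, HSRP_UDP_PORT,
     build_hsrp_v1(0, 8, 90, 1, DEFAULT_AUTH, "192.0.2.254")),     # legitimate Standby
    ("192.0.2.77", HSRP_V1_MCAST, HSRP_UDP_PORT,
     build_hsrp_v1(1, 4, 255, 1, DEFAULT_AUTH, "192.0.2.254")),    # rogue Coup at priority 255
]

if __name__ == "__main__":
    print("passwords on the wire:", recover_passwords(SAMPLE_CAPTURE))
    for src, finding in audit_hsrp(SAMPLE_CAPTURE, KNOWN_ROUTERS):
        print(f"{src}: {finding}")
```

In practice the `captures` list would be filled from a packet capture of the segment (any tool that exposes source and destination addresses, UDP port and payload will do); the audit only needs a list of addresses the HSRP routers are known to use, and anything else speaking HSRP on the segment is the condition this advisory describes.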

Affected Products:

  • Cisco HSRP (RFC 2281)

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.