On 24 September 2008, Cisco officially announced a vulnerability in the Layer 2 Tunneling Protocol (L2TP) implementation of Cisco IOS software. It affects a limited set of Cisco IOS software releases.
Several features enable the L2TP management daemon process within Cisco IOS software, including but not limited to Layer 2 virtual private networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack Group Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up Networks (VPDN). Once this process is running, the device is vulnerable.
Processing a specially crafted L2TP packet causes the device to reload, which is a denial of service; a device that receives such packets repeatedly can be kept offline.
Workaround
Note: L2TP deployments still need to allow UDP 1701 from trusted addresses to the infrastructure addresses. This is not a full mitigation, because the source addresses of the malicious packets may be spoofed to look like a trusted peer.
Note: Deployments that run L2TPv3 over IP only (IP protocol 115, no UDP encapsulation) should deny all UDP 1701 from anywhere to the infrastructure addresses, since they have no legitimate need for it.
Create an iACL (replace the placeholders with your own addresses and wildcard masks):
! permit L2TP (UDP 1701) only from trusted peers to the infrastructure addresses
access-list 101 permit udp <trusted-address> <wildcard-mask> <infrastructure-address> <wildcard-mask> eq 1701
! drop UDP 1701 from any other source to the infrastructure addresses; keep this deny scoped to
! port 1701, because a bare "deny udp any any" would also drop DNS, NTP and every other UDP flow transiting the router
access-list 101 deny udp any <infrastructure-address> <wildcard-mask> eq 1701
! L2TPv3 over IP uses IP protocol 115; allow it from trusted peers
access-list 101 permit 115 <trusted-address> <wildcard-mask> <infrastructure-address> <wildcard-mask>
! let all other traffic through
access-list 101 permit ip any any
As shown in the picture, apply the access list inbound on fa0/0, the interface facing Delhi-PE:
int fa0/0
 ip access-group 101 in
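Wildcard masks and rule order are where iACLs usually go wrong, so the following Python script is an added example (not from the Cisco advisory or the original post) that builds the same four-rule iACL from CIDR prefixes, renders it in IOS syntax, and evaluates sample packets against it to show what is permitted, what is dropped, and why the spoofing caveat above still applies. The peer prefix 192.0.2.10/32, the infrastructure prefix 198.51.100.0/24 and ACL number 101 are constructed placeholders.

```python
"""Build and evaluate the L2TP workaround iACL (added example, not Cisco's code).

Rule order mirrors the workaround: permit UDP 1701 from trusted peers to the
infrastructure addresses, deny UDP 1701 from everyone else to those addresses,
permit L2TPv3 over IP (protocol 115) from trusted peers, permit everything else.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional

UDP, L2TP_OVER_IP = 17, 115   # IP protocol numbers
L2TP_PORT = 1701


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    proto: Optional[int]           # IP protocol number, None means "ip" (any)
    src: Optional[IPv4Network]     # None means "any"
    dst: Optional[IPv4Network]     # None means "any"
    dport: Optional[int] = None    # UDP destination port, None means any port


def l2tp_iacl_rules(trusted: List[str], infrastructure: List[str]) -> List[Rule]:
    """Return the iACL as an ordered rule list; IOS evaluates first match wins."""
    t_nets = [IPv4Network(c) for c in trusted]
    i_nets = [IPv4Network(c) for c in infrastructure]
    rules: List[Rule] = []
    # 1. L2TP over UDP from trusted peers to our own (infrastructure) addresses.
    rules += [Rule("permit", UDP, t, i, L2TP_PORT) for t in t_nets for i in i_nets]
    # 2. UDP 1701 from anyone else to our addresses is dropped. Scoped to the
    #    port and destination so unrelated UDP (DNS, NTP, ...) still transits.
    rules += [Rule("deny", UDP, None, i, L2TP_PORT) for i in i_nets]
    # 3. L2TPv3 over IP (protocol 115) from trusted peers. Redundant with the
    #    final permit, kept explicit to document intent as the page's ACL does.
    rules += [Rule("permit", L2TP_OVER_IP, t, i) for t in t_nets for i in i_nets]
    # 4. Everything else is allowed through.
    rules.append(Rule("permit", None, None, None))
    return rules


def _addr(net: Optional[IPv4Network]) -> str:
    """Render a prefix the IOS way: 'any', 'host A.B.C.D', or 'network wildcard'."""
    if net is None:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    # The IOS wildcard mask is the inverse of the netmask, i.e. the hostmask.
    return f"{net.network_address} {net.hostmask}"


def _proto(p: Optional[int]) -> str:
    return "ip" if p is None else ("udp" if p == UDP else str(p))


def render_acl(number: int, rules: List[Rule]) -> List[str]:
    """Emit numbered extended ACL lines ready to paste into IOS config mode."""
    lines = []
    for r in rules:
        line = f"access-list {number} {r.action} {_proto(r.proto)} {_addr(r.src)} {_addr(r.dst)}"
        if r.dport is not None:
            line += f" eq {r.dport}"
        lines.append(line)
    return lines


def evaluate(rules: List[Rule], proto: int, src: str, dst: str,
             dport: Optional[int] = None) -> str:
    """First-match evaluation of one packet; IOS has an implicit deny at the end."""
    s, d = IPv4Address(src), IPv4Address(dst)
    for r in rules:
        if ((r.proto is None or r.proto == proto)
                and (r.src is None or s in r.src)
                and (r.dst is None or d in r.dst)
                and (r.dport is None or r.dport == dport)):
            return r.action
    return "deny"


# Constructed placeholders: the far-end L2TP peer and this router's own addresses.
TRUSTED = ["192.0.2.10/32"]
INFRASTRUCTURE = ["198.51.100.0/24"]
RULES = l2tp_iacl_rules(TRUSTED, INFRASTRUCTURE)

if __name__ == "__main__":
    print("\n".join(render_acl(101, RULES)))
    # Legitimate peer, attacker, unrelated UDP, and a packet whose source is
    # spoofed to the trusted peer: the ACL cannot tell the last from the first.
    for label, pkt in [("peer", (UDP, "192.0.2.10", "198.51.100.1", 1701)),
                       ("attacker", (UDP, "203.0.113.7", "198.51.100.1", 1701)),
                       ("transit DNS", (UDP, "203.0.113.7", "198.51.100.1", 53)),
                       ("spoofed peer", (UDP, "192.0.2.10", "198.51.100.1", 1701))]:
        print(f"{label:13s} -> {evaluate(RULES, *pkt)}")
```

The "spoofed peer" case is the caveat from the note above made concrete: an attacker who forges the trusted peer's source address matches rule 1 exactly like the real peer, so the iACL only narrows who can reach UDP 1701 and does not by itself close the vulnerability.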