Cisco users on Notice

No free software to plug these holes

Cisco issued four security notices - not security advisories - recently to alert users of "low- to mid-level severity" security issues involving the company's IOS XR software, Unified Computing System server, ASA firewalls and wireless LAN controllers. The notices were first reported by

A Cisco security notice differs from a security advisory in that notices deal with vulnerabilities Cisco deems to be low or "mid-level" severity. Advisories are apparently issued for higher-level vulnerabilities discovered during product service and support, internal testing, or by customers or researchers.

With security advisories, Cisco usually proactively issues free software upgrades to fix the vulnerability or publishes workarounds to mitigate it. Not so with the security notice - Cisco leaves it to the customer to contact their support channels for software upgrades that are not free.


The IOS XR vulnerability involves the Routing Information Protocol, and could allow an unauthenticated, remote attacker to cause the RIP process to crash. The vulnerability is due to insufficient input validation of RIP packets; an attacker could exploit it by sending a crafted RIP version 2 packet.

The UCS hole is a memory leak in the 6100 series Fabric Interconnects. The vulnerability is due to memory not being released after execution of either the "show monitor session all" or the "show monitor session" CLI command when a Switched Port Analyzer (SPAN) session is not configured.

An attacker could exploit this vulnerability by executing either the "show monitor session all" or the "show monitor session" command locally on the device, which would cause the device to exhaust its memory and reset, according to the security notice.

The ASA vulnerability could allow an unauthenticated, remote attacker to fill the connection table in the ASA and prevent new connections from being established through the device. The vulnerability is due to the ASA not honoring the idle timeout for some protocol-inspected connections. If an attacker sends several crafted requests for one or more protocols configured for inspection, the ASA firewall could stop accepting new connections, resulting in a denial of service condition.

The wireless LAN controller glitch is also a DoS condition that could be triggered through the device's Web Administrator Interface. The vulnerability is due to a failure to properly validate certain parameters prior to processing them on the device, the notice states.

An authenticated attacker with an account that is a member of either the Full Manager, Read Only or Lobby Ambassador managers group could exploit this vulnerability by submitting a request to the affected device that contains a missing or malformed value for specific parameters. An exploit could allow the attacker to crash the device resulting in a DoS condition during a system reboot, the notice states.

Jim Duffy, Network World