Cisco security advisory day

Lots of IOS holes to plug

By Jim Duffy on Wed, 09/28/11 - 3:55pm.

Cisco today unveiled a slew of security advisories on several vulnerabilities in its IOS software. In all, there look to be eight or nine advisories on IOS, dealing with issues like IPv6 over MPLS, IP service level agreements, SIP, NAT, IPv6 DoS and more.

Cisco also issued advisories on a DoS condition with its 10000 series routers, a SIP memory leak in its Unified Communications Manager VoIP software, and a DoS condition in its Jabber instant messaging software. For some of the vulnerabilities, Cisco has already issued bulletins on how to identify and mitigate the conditions.

The IPv6 DoS vulnerability is one for which no mitigation bulletin has yet been published. The condition could allow an unauthenticated, remote attacker to cause a reload of an IPv6 device, and it may be triggered when the device processes a malformed IPv6 packet.

Repeated exploitation could result in a sustained DoS condition, the Cisco advisory states.

The vulnerability affects any IOS device in which IPv6 is enabled. IOS XR and IOS XE systems are not affected. Cisco has released free software updates that address this vulnerability but there are no workarounds to mitigate it, the company says.

This vulnerability was discovered by Cisco during internal testing and the company says it is not aware of any public announcements or malicious use of it.

A more significant condition befalls MPLS over IPv6... twice. IOS is affected by two vulnerabilities here that cause Provider and Provider Edge routers to reload when processing crafted IPv6 or ICMPv6 packets over an MPLS network. Both payloads may crash the routers because the MPLS TTL has expired.

There is no mitigation bulletin issued for this vulnerability, but Cisco did state in the advisory that it has released free software to address it and made workarounds available. In addition to IOS, IOS XE is also vulnerable.

The third interesting vulnerability is in IP SLA. IP SLA is an embedded agent in IOS designed to measure and monitor common network performance metrics like jitter, latency and packet loss. There is a DoS condition triggered when malformed UDP packets are sent to a vulnerable device.

The vulnerable UDP port numbers depend on the device configuration -- default ports cannot be exploited. If successful, the attacker could reload the device and carry out a DoS assault.

Cisco has released free software updates that address this vulnerability. It has also published a mitigation bulletin on it.

Cisco also issued a mitigation bulletin on UCM's SIP memory leak. The leak is triggered by processing malformed SIP messages. Exploitation could interrupt or deny voice service.

Affected UCM versions are 6.x, 7.x and 8.x. All SIP ports -- TCP ports 5060 and 5061 and UDP ports 5060 and 5061 -- are affected as well, the advisory states. The vulnerability was found during internal testing and while attending to customer service requests.

This vulnerability also affects Cisco IOS software, the advisory states.

In addition to the mitigation bulletin, Cisco released free software updates to address the memory leak.
