Cisco today unveiled a slew of security advisories on several vulnerabilities in its IOS software. In all, there look to be eight or nine advisories on IOS, dealing with issues like IPv6 over MPLS, IP service level agreements, SIP, NAT, IPv6 DoS and more.
Cisco also issued advisories on a DoS condition with its 10000 series routers, a SIP memory leak in its Unified Communications Manager VoIP software, and a DoS condition in its Jabber instant messaging software. For some of the vulnerabilities, Cisco has already issued bulletins on how to identify and mitigate the conditions.
The IPv6 DoS vulnerability is one in which no mitigation bulletin has yet been published. The condition could allow an unauthenticated, remote attacker to cause a reload of an IPv6 device, and it may be triggered when the device processes a malformed IPv6 packet.
Repeated exploitation could result in a sustained DoS condition, the Cisco advisory states.
The vulnerability affects any IOS device in which IPv6 is enabled. IOS XR and IOS XE systems are not affected. Cisco has released free software updates that address this vulnerability but there are no workarounds to mitigate it, the company says.
This vulnerability was discovered by Cisco during internal testing and the company says it is not aware of any public announcements or malicious use of it.
A more significant condition befalls MPLS over IPv6... twice. IOS is affected by two vulnerabilities here that cause Provider and Provider Edge routers to reload when processing crafted IPv6 or ICMPv6 packets over an MPLS network. Both payloads may crash the routers because the MPLS TTL has expired.
There is no mediation bulletin issued for this vulnerability, but Cisco did state in the advisory that it has released free software to address and made workarounds available. In addition to IOS, IOS XE is also vulnerable.
The third interesting vulnerability is IP SLA. IP SLA is an embedded agent in IOS designed to measure and monitor common network performance metrics like jitter, latency and packet loss. There is a DoS condition triggered by when malformed UDP packets are sent to a vulnerable device.
The vulnerable UDP port numbers depend on the device configuration -- default ports cannot be exploited. If successful, the attacker could reload the device and carry out a DoS assault.
Cisco has released free software updates that address this vulnerability. It has also published a mitigation bulletin on it.
Affected UCM verisons are 6.x, 7.x and 8.x. All SIP ports -- TCP ports 5060 and 5061 and UDP ports 5060 and 5061 -- are affected as well, the advisory states. The vulnerability was found during internal testing and attending to customer service requests.
This vulnerability also affects Cisco IOS software, the advisory states.
In addition to the mitigation bulletin, Cisco released free software updates to address the memory leak.
More from Cisco Subnet:
The Cisco Subnet blog is written by Network World managing editor Jim Duffy Visit the Cisco Subnet home page daily and while you are there, subscribe to the Cisco Alert e-mail newsletter, which includes news and views generated by the Cisco Subnet community as well as Cisco-related stories on Network World and elsewhere on the Web.
Follow Jim Duffy on Twitter