 |
||||
 | |
| ||
|
||||
| ||||
|
|
||||
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.
Storage
WAN Services
Web/e-commerce
Wireless/Mobile
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings
Routers/Switches /
Flaw revealed in Cisco IOS
 
|
|||
 | |||
|
Cisco Systems has warned customers of a flaw in its Internetwork Operating System (IOS) software that could compromise the integrity of Transmission Control Protocol (TCP) traffic sent to and from its routers and switches.
The vulnerability exists in all released versions of IOS, and hence affects all Cisco routers and switches running the software, the company said in a security advisory issued Wednesday. Cisco's data networking equipment is the most widely used to carry traffic on the Internet.
The security flaw can allow the successful prediction of TCP Initial Sequence Numbers, Cisco said. Such numbers are supposed to be randomly generated by a sending machine and its receiving host as part of setting up a new IOS connection. Once the initial transmission is established, a sequence number is created based on the amount of data transmitted.
However, if the initial number is not random, then it is possible "with varying degrees of success, to forge one half of a TCP connection with another host in order to gain access to that host, or hijack an existing connection between two hosts in order to compromise the contents of the TCP connection," Cisco said in the advisory.
No Cisco customers had reported any attacks because of the vulnerability as of Thursday afternoon, a Cisco spokeswoman said. However, one analyst noted that with so much of the Internet running on Cisco equipment, any problem with its networking gear has the potential to become significant.
"Anything that poses a flaw to Cisco is something to be alarmed about, since they control about 80% of the router market," said Irwin Lazar, senior consultant with analyst firm The Burton Group Corp.
"The biggest issue out there is that people don't want to just slap an IOS upgrade in their routers without testing it first, in case another problem popped up when they corrected this one," he added.
The flaw affects the security only of TCP connections that originate or terminate on the Cisco device itself, not of any traffic that passes through the device in transit. Cisco said it is offering free software upgrades for affected customers.
The IDG News Service is a Network World affiliate.
Related Links
 |
 |
 |
|||||
|
|
|
|
|
|||
