
Three more flaws discovered in Cisco IOS

By Phil Hochmuth, NetworkWorld.com
January 27, 2005 11:24 AM ET

NetworkWorld.com - Cisco this week warned of several vulnerabilities in its IOS software that could be used by attackers to bring down routers in enterprise and service provider networks.

The three separate software flaws are related to Border Gateway Protocol (BGP), Multi-protocol Label Switching (MPLS) and IPv6. Two of the three bugs present the opportunity for an outside attacker to send a specially crafted packet, which would disrupt the router and cause it to reload. Attackers could use this technique repeatedly to mount a denial-of-service attack on the router.

Cisco has updated software available to fix the IOS problems. The company says it has no reports of any of the three bugs being used in an attack.

The MPLS-related flaw affects IOS software on access routers that can support MPLS but do not have the protocol turned on. The flaw could allow an attacker from outside the network to reset a router by sending a specially crafted MPLS packet to an interface on the router that is not enabled for MPLS. This attack could be repeated to take the router offline.

The MPLS bug could be a latent problem for businesses or organizations that buy both network services and routing equipment from a carrier, says Frank Dzubeck, president of Communications Network Architects, a Washington, D.C., consulting firm.

Many carriers distribute Cisco routers with MPLS code so the devices can support MPLS-based managed services, such as IP VPNs, Dzubeck says. For customers not using MPLS services, it is possible that they could have routers with the inactivated MPLS software, which would make them vulnerable.

“This is another case in IOS where you could have all this stuff,” in terms of inactive services and software features, “that is lurking in the background, waiting for people to find and exploit,” Dzubeck says.

The affected IOS release trains are 12.1T, 12.2, 12.2T, 12.3 and 12.3T. The flaw applies when these release trains are installed on the following products:
* 2600 and 2800 routers
* 3600, 3700 and 3800 routers
* 4500 and 4700 routers
* 5300, 5350 and 5400 series Access Servers

Cisco has free software available to fix the bug. Users can turn on MPLS Traffic Engineering on all their router ports as a stopgap measure for protecting the device.

The second vulnerability affects routers configured to run IPv6. Cisco says a remote attacker could send modified IPv6 packets to an affected router to cause the device to reset. The vulnerability makes interfaces that support IPv6, as well as IPv6-to-IPv4 tunnel interfaces, open to an attack, the company says. The vulnerability only affects routers configured to support IPv6. All Cisco routers are capable of IPv6 support, but are not configured to support the protocol by default.

The BGP-related bug affects all IOS versions where BGP is supported (versions 9.x, 10.x, 11.x and 12.x). However, it is not possible for an outside attacker to exploit the flaw to attack a router. Cisco says that “malformed packets may not come from malicious sources,” but only from other routers acting as trusted BGP routing peers on a network.
