Mulitple -- if not most -- Cisco products affected, vulnerable to DoS attacks
Cisco this week issued a patch for a denial of service vulnerability that affects multiple products. The bug was discovered last year by Outpost24, a Swedish provider of network security products.
The vulnerability allows attackers to manipulate the state of TCP connections, according to a Cisco security advisory released this week. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely, the Cisco advisory states.
If enough TCP connections are forced into a long-lived or indefinite state, system resources may be consumed, preventing new TCP connections from being accepted and thus initiating a DoS condition.
Affected Cisco products include scores of routers and switches running IOS, IOS-XE and CatOS operating systems; Cisco ASA and Cisco PIX security appliances running versions 7.0, 7.1, 7.2, 8.0, and 8.1 under certain configurations; NX-OS-based products like the new Nexus 5000 and 7000 switches; and Scientific-Atlanta and Linksys products.
Cisco says it has released free software updates for download from the its website that address these vulnerabilities. Workarounds are also available.
More from Cisco Subnet:
Win great stuff from Cisco SubnetCisco Alert newsletter. Like RSS readers? Subscribe to the Cisco Subnet RSS feedFollow Cisco Subnet on Twitter.
- Cisco-Juniper battle for carrier business continues neck-and-neck
- Juniper’s enterprise attack is making progress
- 100G Ethernet races to market
- Are HP, 3Com a better value than Cisco?
- When the compliance officer comes calling … hide the VMotion
- It’s Really Only Partly Cloudy Out There
- Is Cisco ACS 5.0 worth the upgrade?
- Port 666
Like e-mail? Subscribe to the




