05:25 PM

Cisco Patches Critical IOS Vulnerabilities

Cisco has patched three vulnerabilities in the operating system that runs its switches and routers, two of which could allow attackers to gain complete control over an affected device.

Cisco on Wednesday said it has fixed three vulnerabilities in IOS, the operating system that runs its switches and routers, two of which could potentially allow remote attackers to gain complete control over an affected device.

The most serious of the IOS flaws can be triggered by sending a specially rigged packet directly to a switch or router, which would cause the device to reload and possibly pave the way for malicious code execution, according to a Cisco advisory Wednesday.

Attackers can exploit the flaw through Internet Control Message Protocol (ICMP) packets, Protocol Independent Multicast version 2 (PIMv2) packets, Pragmatic General Multicast (PGM) packets, or URL Rendezvous Directory (URD) packets that contain an altered IP option in the packet's IP header, the San Jose, Calif.-based vendor said.

Gary Berzack, CTO of eTribeca, a New York-based solution provider and Cisco partner, says many companies don't pay attention to critical updates, which is especially dangerous when it comes to vulnerabilities in widely deployed software such as IOS.

"We see IOS updates all the time, but when we go in and get a glimpse of companies security devices, we often find they haven't updated IOS in over a year," Berzack said.

All devices running all unpatched versions of Cisco IOS and Cisco IOS XR software are vulnerable. However, the flaw only affects devices configured to process IPv4 packets; those running only IPv6 aren't affected, according to Cisco, which assigned a CVSS base score of 10 out of 10 to the flaw.

In a separate advisory, Cisco said it has patched a flaw that affects only IOS systems set up to run IPv6, which isn't enabled by default. Attackers could exploit this vulnerability by getting IOS to process rigged IPv6 Type 0 Routing headers, which are used for source routing, a method for specifying the exact path that a packet must take to reach the destination, Cisco said.

In the best case scenario, a successful exploit will cause the router to crash, with repeated crashes creating a denial of service situation. However, because the flaw can lead to memory corruption, it could possibly be leveraged to allow remote attackers to execute malicious code, according to the advisory.

In addition, because the vulnerability exists on the IP layer, it can be triggered by any type of packet, including a spoofed packet, said Cisco, which assigned a CVSS base score of 10 out of 10 to the flaw.

This particular vulnerability affects every version of IOS ever built and has the potential to be easily exploitable, said Chris Labatt-Simon, president and CEO of D&D Consulting, an Albany, N.Y.-based solution provider. "IOS is a very large piece of code, and any large piece of code is more vulnerable than a small piece of code," he said.

However, all vendors have to deal with the problem of some organizations failing to update their products when vulnerabilities are patched, which is the main danger in this scenario, Labatt-Simon noted.

Cisco also patched a bug in the TCP listener component found in certain versions of IOS. The remotely exploitable memory leak could enable attackers to launch denial of service attacks against devices running IOS, but Cisco gave it a CVSS base score of 3.3 out of 10.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of July 17, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.