1/24/2007
05:25 PM

Cisco Patches Critical IOS Vulnerabilities

Cisco has patched three vulnerabilities in the operating system that runs its switches and routers, two of which could allow attackers to gain complete control over an affected device.

Cisco on Wednesday said it has fixed three vulnerabilities in IOS, the operating system that runs its switches and routers, two of which could potentially allow remote attackers to gain complete control over an affected device.

The most serious of the IOS flaws can be triggered by sending a specially rigged packet directly to a switch or router, which would cause the device to reload and possibly pave the way for malicious code execution, according to a Cisco advisory Wednesday.

Attackers can exploit the flaw through Internet Control Message Protocol (ICMP) packets, Protocol Independent Multicast version 2 (PIMv2) packets, Pragmatic General Multicast (PGM) packets, or URL Rendezvous Directory (URD) packets that contain an altered IP option in the packet's IP header, the San Jose, Calif.-based vendor said.

Gary Berzack, CTO of eTribeca, a New York-based solution provider and Cisco partner, says many companies don't pay attention to critical updates, which is especially dangerous when it comes to vulnerabilities in widely deployed software such as IOS.

"We see IOS updates all the time, but when we go in and get a glimpse of companies' security devices, we often find they haven't updated IOS in over a year," Berzack said.

All devices running all unpatched versions of Cisco IOS and Cisco IOS XR software are vulnerable. However, the flaw only affects devices configured to process IPv4 packets; those running only IPv6 aren't affected, according to Cisco, which assigned a CVSS base score of 10 out of 10 to the flaw.

In a separate advisory, Cisco said it has patched a flaw that affects only IOS systems set up to run IPv6, which isn't enabled by default. Attackers could exploit this vulnerability by getting IOS to process rigged IPv6 Type 0 Routing headers, which are used for source routing, a method for specifying the exact path that a packet must take to reach the destination, Cisco said.

In the best-case scenario, a successful exploit will cause the router to crash, with repeated crashes creating a denial-of-service condition. However, because the flaw can lead to memory corruption, it could possibly be leveraged to allow remote attackers to execute malicious code, according to the advisory.

In addition, because the vulnerability exists on the IP layer, it can be triggered by any type of packet, including a spoofed packet, said Cisco, which assigned a CVSS base score of 10 out of 10 to the flaw.
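For defenders who want to see whether the IPv6 Type 0 Routing headers mentioned above appear in captured traffic, the following added example (not from Cisco's advisory or the original article) walks an IPv6 packet's extension-header chain and reports a Type 0 Routing header if one is present. The function names and the sample packets, built with documentation-range addresses, are constructed for illustration; the check reports presence only and does not judge whether a header is malformed.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60  # IPv6 Next Header values


def find_type0_routing_header(packet: bytes):
    """Return details of the first Type 0 Routing header in a raw IPv6 packet, or None."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset = packet[6], 40  # the fixed IPv6 header is 40 bytes
    while next_header in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, ext_len = packet[offset], packet[offset + 1]
        # A Fragment header is always 8 bytes; the others are (ext_len + 1) * 8.
        size = 8 if next_header == FRAGMENT else (ext_len + 1) * 8
        if offset + size > len(packet):
            raise ValueError("truncated extension header")
        if next_header == ROUTING and packet[offset + 2] == 0:
            return {"offset": offset, "segments_left": packet[offset + 3],
                    "addresses": ext_len // 2}
        if next_header == FRAGMENT:
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset:  # later fragments carry data here, not headers
                return None
        next_header, offset = following, offset + size
    return None


def build_ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed sample packet between two documentation-range addresses."""
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload


# Constructed samples: 59 is "No Next Header"; the hop address is illustrative.
HOP = ipaddress.IPv6Address("2001:db8::99").packed
RH0 = bytes([59, 2, 0, 1]) + bytes(4) + HOP        # routing type 0, one address
RH2 = bytes([59, 2, 2, 1]) + bytes(4) + HOP        # routing type 2 (Mobile IPv6)
HBH = bytes([ROUTING, 0, 1, 4]) + bytes(4)         # Hop-by-Hop holding one PadN option

if __name__ == "__main__":
    for name, pkt in [("rh0", build_ipv6(ROUTING, RH0)),
                      ("hbh+rh0", build_ipv6(HOP_BY_HOP, HBH + RH0)),
                      ("rh2", build_ipv6(ROUTING, RH2)),
                      ("plain", build_ipv6(59, b""))]:
        print(name, find_type0_routing_header(pkt))
```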

This particular vulnerability affects every version of IOS ever built and has the potential to be easily exploitable, said Chris Labatt-Simon, president and CEO of D&D Consulting, an Albany, N.Y.-based solution provider. "IOS is a very large piece of code, and any large piece of code is more vulnerable than a small piece of code," he said.

However, all vendors have to deal with the problem of some organizations failing to update their products when vulnerabilities are patched, which is the main danger in this scenario, Labatt-Simon noted.

Cisco also patched a bug in the TCP listener component found in certain versions of IOS. The remotely exploitable memory leak could enable attackers to launch denial-of-service attacks against devices running IOS, but Cisco gave it a CVSS base score of 3.3 out of 10.
