Juniper, Cisco Hardware Vulnerable To DoS Attacks - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Juniper, Cisco Hardware Vulnerable To DoS Attacks

Products from switch and router makers Juniper and Cisco have fatal flaws that could let hackers craft denial-of-service attacks which could disrupt enterprise networks.

Products from switch and router makers Juniper and Cisco have fatal flaws that could let hackers craft denial-of-service attacks which could disrupt enterprise networks, government and private security organizations said this week.

Customers should take the vulnerabilities seriously, wrote Amrit Williams, a Gartner analyst, in an online briefing posted Wednesday.

"A denial of service attack against a networking device has a much greater potential to affect productivity and networkwide functions than an attack against a workstation," he said.

The U.S. Computer Emergency Readiness Team (US-CERT) on Wednesday warned that all Juniper Network routers which run JUNOS software created prior to Jan. 7 of this year are susceptible to remotely-triggered DoS attacks.

"A remote, unauthenticated attacker may cause severe operational disruption to affected Juniper routers," the advisory stated. "Affected routers will suffer an effective denial of routing service when this vulnerability is exploited."

Juniper has posted its own security bulletin on its customer-only support site, and noted in the advisory that "routers running vulnerable JUNOS software are susceptible regardless of the router's configuration. It is not possible to use firewall filters to protect vulnerable routers."

The Sunnyvale, Calif.-based network manufacturer wasn't the only victim of its own bugs. Rival Cisco admitted Wednesday that its Internetwork Operating System (IOS) has a vulnerability in how it processes Internet Protocol version 6 (IPv6) packets. An attacker sending specially-crafted IPv6 packets to an affected Cisco device could force it to reboot, resulting in a denial of service.

Cisco's posted an advisory and a software update on its Web site for the vulnerability that Danish security firm Secunia rated as "moderately critical." The company ranked the Juniper bug the same.

In fact, Cisco has been plagued with multiple vulnerability issues of late, with four separate warnings posted on US-CERT since last Wednesday.

"Companies looking to implement best practices for vulnerability management should include procedures to deal with networking devices, as well as desktops and servers," added Gartner's Williams.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll