Secplicity - Security Simplified

Powered by WatchGuard Technologies

Cisco Biannual Patch Day: Seven DoS Advisories Primarily Affect IOS

March 25, 2010 By The Editor

Summary:

  • These vulnerabilities affect: Devices running Cisco IOS and Cisco UCM
  • How an attacker exploits them: Multiple vectors of attack; in the most common, the attacker sends specially crafted network packets
  • Impact: Various Denial of Service (DoS) issues that can force a Cisco device to crash, reload, or halt. One may also allow an attacker to execute code
  • What to do: Administrators who manage Cisco IOS or UCM devices should download, test, and deploy the appropriate Cisco updates as soon as possible

Exposure:

Yesterday, Cisco released seven security advisories as part of their biannual patch day, which falls on the fourth Wednesday of March and September. All of these advisories cover Denial of Service (DoS) security vulnerabilities that primarily affect devices running Cisco’s Internetwork Operating System (IOS) software. IOS is the operating system that runs on most Cisco routers. That said, attackers could leverage one of the IOS DoS flaws to execute code on your IOS device, potentially gaining control of it. Finally, one of the advisories also covers a DoS in Unified Communications Manager (UCM), which is Cisco’s enterprise-level, IP telephony call-processing system.

While Cisco’s IOS advisories differ technically, all of them cover vulnerabilities that attackers could exploit in DoS attacks. For a complete list of today’s Cisco advisories, check out Cisco’s Bundled Advisory for March 24th or their Security Advisories page. We summarize three of the IOS advisories below:

Cisco Document ID 111448: IOS SIP DoS and code execution vulnerabilities.

The Session Initiation Protocol (SIP) is a multimedia communication standard used to make voice and video calls over an IP network. IOS’s SIP implementation suffers from three unspecified vulnerabilities involving the way it handles SIP messages. By sending specially crafted SIP packets, a remote attacker could exploit these vulnerabilities either to reload your IOS device or, potentially, to execute code on it. If you use a Cisco IOS router to get to the Internet, an attacker could repeatedly exploit the DoS vulnerabilities to knock your network offline. In the case of code execution, the attacker could potentially gain complete control of your IOS device.
Base CVSS Score: 10

Cisco Document ID 111265: IOS H.323 DoS vulnerabilities.

H.323 is a protocol designed to stream multimedia over a network, and often used in video conferencing. IOS’s H.323 implementation suffers from two unspecified vulnerabilities involving the way it handles H.323 traffic. By sending specially crafted H.323 packets, a remote attacker could exploit these vulnerabilities to reload your IOS device. If you use a Cisco IOS router to get to the Internet, an attacker could repeatedly exploit these vulnerabilities to knock your network offline.
Base CVSS Score: 7.8 (10 being the most severe)

Cisco Document ID 111266: IOS IPsec DoS vulnerability.

IPsec is a VPN standard designed to allow you to securely tunnel private communications over the Internet. IOS’s IPsec implementation suffers from a flaw in the way it handles specially crafted IPsec IKE packets. By sending such IKE packets to your Cisco device, a remote attacker could exploit this vulnerability to reload your IOS device. If you use a Cisco IOS router to get to the Internet, an attacker could repeatedly exploit this vulnerability to knock your network offline.
Base CVSS Score: 7.8

The remaining advisories also fix DoS flaws just as severe as the ones described above. For greater detail on all of Cisco’s March vulnerabilities, check out the individual advisories in the References section of this alert, or refer to Cisco’s bundled security advisory for March 2010.

Cisco also published an advisory describing a DoS vulnerability in their Unified Communications Manager (UCM). If you use Cisco UCM, be sure to apply these patches as well.

Solution Path:

Cisco has released patches to fix these vulnerabilities. If you use any Cisco device running IOS software or Cisco’s Unified Communications Manager (UCM), you should immediately consult the “Software Versions and Fixes” and “Obtaining Fixed Software” sections of the advisories listed in Cisco’s bundled security advisory for March 2010 to learn which fixes apply to your devices, and how to obtain them. You can also refer to the “Software Versions and Fixes” and “Obtaining Fixed Software” sections of each of the individual alerts linked below.

For All WatchGuard Users:

Since these vulnerabilities can affect your router, which is typically in front of your WatchGuard firewall, the solutions above are your primary recourse.

Status:

Cisco has made fixes available.

References:

  • Cisco Bundled March 2010 Security Advisory
  • Cisco IOS Software H.323 Denial of Service Vulnerabilities
  • Cisco IOS Software IPsec DoS Vulnerability
  • Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities
  • Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability
  • Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability
  • Cisco IOS Software NAT Skinny Call Control Protocol Vulnerability
  • Cisco Unified Communications Manager Express Denial of Service Vulnerabilities

Filed Under: Security Bytes Tagged With: Apple, cisco, DoS
