
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Cisco Biannual Patch Day: IOS Teeming with DoS Vulnerabilities

September 23, 2010 By The Editor

Summary:

  • These vulnerabilities affect: Many devices running Cisco IOS
  • How an attacker exploits them: Multiple vectors of attack; in the most common, the attacker sends specially crafted network packets
  • Impact: An attacker can cause your IOS device to reload and can repeatedly exploit these flaws to cause a Denial of Service (DoS) situation
  • What to do: Administrators who manage Cisco IOS devices should download, test, and deploy the appropriate Cisco updates as soon as possible

Exposure:

Over a year ago, Cisco implemented a twice-yearly patch cycle that falls on the fourth Wednesday of March and September. Yesterday marked another Cisco biannual patch day, for which they released six security advisories. Five of these advisories cover security vulnerabilities that affect devices running Cisco’s Internetwork Operating System (IOS) software. IOS is the operating system that runs on most Cisco routers and switches. The remaining advisory covers a flaw in Unified Communications Manager.

While Cisco’s IOS advisories differ in technical ways, all of them cover vulnerabilities that attackers could exploit in Denial of Service (DoS) attacks. For a complete list of today’s IOS alerts, check out Cisco’s Bundled Advisory for September 22nd. We summarize three of the IOS advisories below:

Cisco Document ID 112028: Three NAT-related DoS vulnerabilities.

Cisco’s Network Address Translation (NAT) component suffers from three different DoS vulnerabilities. More specifically, the three DoS vulnerabilities have to do with how IOS NAT translates SIP, H.323, and H.225.0 traffic. Though these flaws differ technically, they essentially share the same scope and impact. By sending specially crafted packets, an unauthenticated attacker can exploit any of these flaws to cause your IOS device to reload. Furthermore, if you use a Cisco IOS router as your Internet gateway, an attacker could repeatedly exploit these vulnerabilities to knock your network offline.
Base CVSS Score: 7.8 (10 being the most severe)

Cisco Document ID 112022: IOS SIP DoS vulnerabilities.

The Session Initiation Protocol (SIP) is a popular signaling standard used by many Voice over IP (VoIP) products. Unfortunately, IOS’s SIP handling implementation suffers from three unspecified DoS vulnerabilities. By sending a specially crafted SIP message to your IOS device, an attacker could exploit these vulnerabilities to reload your IOS device. If you use a Cisco IOS router to get to the Internet, an attacker could repeatedly exploit these vulnerabilities to knock your network offline. These vulnerabilities only affect IOS devices with SIP voice services enabled. This issue may sound similar to the flaws described above. However, these flaws actually lie within IOS’s SIP component, while the flaws above lie within IOS’s NAT component.
Average CVSS Score: 7.8

Cisco Document ID 112021: IOS H.323 DoS vulnerability.

H.323 is a standard that defines various protocols used to pass audio-visual communications across packet networks. Similar to the SIP issue above, IOS’s H.323 component suffers from two unspecified DoS vulnerabilities. By sending specially crafted H.323 packets to your IOS device, an attacker can remotely cause a DoS condition on your IOS device.
Average CVSS Score: 7.8

The remaining two IOS advisories also fix DoS flaws just as severe as the ones described above. For greater detail on all of Cisco’s September vulnerabilities, check out the individual advisories in the References section of this alert, or refer to Cisco’s bundled security advisory for September 2010. Also, if you happen to use Cisco’s Unified Communications Manager, you should check out Cisco’s advisory describing a DoS flaw in it as well.

Solution Path:

Cisco has released patches to fix these vulnerabilities. If you use any Cisco device running IOS software, you should immediately consult the “Software Versions and Fixes” and “Obtaining Fixed Software” sections of Cisco’s bundled security advisory for September 2010 to learn which fixes apply to your devices, and how to obtain them. You can also refer to the “Software Versions and Fixes” and “Obtaining Fixed Software” sections of each of the individual alerts linked below.

For All Users:

Since these vulnerabilities can affect your router, which is typically in front of your firewall, the solutions above are your primary recourse.

Status:

Cisco has made fixes available.

References:

  • Cisco Bundled Security Advisory September 2010
  • Cisco IOS NAT DoS Vulnerabilities
  • Cisco IOS IGMP3 DoS Vulnerability
  • Cisco IOS SIP DoS Vulnerabilities
  • Cisco IOS H.323 DoS Vulnerabilities
  • Cisco IOS SSL VPN DoS Vulnerability
  • Cisco Unified Communications Manager SIP DoS Vulnerabilities

This alert was researched and written by Corey Nachreiner, CISSP.
