• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Potential Zero Day Cisco IOS DoS Vulnerabilities

May 5, 2011 By Corey Nachreiner

According to posts on the Bugtraq mailing list [ 1 / 2 ], Cisco’s popular router and switch operating system — IOS — suffers from two zero day Denial of Service (DoS) vulnerabilities. These advisories come from the penetration test team Of NCNIPC (China).

The advisories share minimal technical details about the two supposed flaws. They do say, attackers can trigger one DoS with a UDP packet flood and the other with SNMP packet sent to improper ports. In either case, the attack can put your IOS devices in a non-responsive state, requiring a reboot. By carrying out this sort of attach against your gateway router, and attacker can failry easily knock you offline

Cisco has since replied to these vulnerability allegations, saying they are researching the situations. However, they did not confirm or deny the DoS flaws, nor have they had time to release patches. Until they do, you can mitigate the risk of one of the flaws by disabling SNMP on your IOS device.

We’ll let you know more as soon as Cisco shares more complete details about these flaws. In the meantime, keep your eyes out for UDP floods. — Corey Nachreiner, CISSP

Share This:

Related

Filed Under: Security Bytes Tagged With: Apple, cisco, DoS, Zero day exploit

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
  • TikTok is Banned, Kind Of
  • Naming APTs

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • How Not to Update Software
  • Naming APTs
  • TikTok is Banned, Kind Of
  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use