As part of their semiannual patch day, Cisco released seven security advisories describing different Denial of Service (DoS) vulnerabilities affecting the IOS software that primarily ships with their routers. The seven flaws differ technically, and lie within various IOS components, including NAT, IKE, RSVP, etc. However, most of them share the same essential scope and impact. If a remote, unauthenticated attacker can send specially crafted packets to your IOS device, he can exploit many of these flaws to cause the device to fill up memory, or crash and restart. Attackers can repeatedly leverage these flaws to knock your router offline for as long as they can carry out the attack.
DoS vulnerabilities in your gateway router pose a fairly significant risk, since attackers can leverage them to essentially knock you offline. Right now, DoS attacks are in vogue among Hacktivists and other attackers. Over the past week, Spamhaus has suffered the largest DDoS attacks in recorded cyber history, and big banks have suffered from politically motivated DDoS attacks for months now. Though today’s IOS DoS flaws are not likely what contribute to these huge DDoS attacks, they could make a DDoS attackers life even easier. If you manage any Cisco IOS gear, I highly recommend you check out today’s Cisco IOS alerts and apply the corresponding updates and workarounds. — Corey Nachreiner, CISSP (@SecAdept)