Telecommunications company Cisco this week is warning customers and those running their software of eight separate vulnerabilities it has patched in its internetwork operating system (IOS) infrastructure product.
Cisco’s Product Security Incident Response Team (PSIRT) released the advisories yesterday on the Security Intelligence Operations section of its website.
More than half of the advisories deal with denial of service vulnerabilities that stem from the way the software is configured. The vulnerabilities involve the Network Time Protocol (NTP) feature, the virtual fragmentation reassembly (VFR) feature for IPv6, the network access translation (NAT) feature, the T1/E1 driver queue and the DCHP implementation of IOS. All could – under the right circumstances – allow an unauthenticated remote hacker to cause a DoS condition, either by sending maliciously crafted packets to the device or getting the device to reload without the users’ consent.
The other three vulnerabilities involve different components in the device.
One is tied to IOS’ Zone-Based Firewall (ZBFW) functionality. The ZBFW incorrectly processes some types of HTTP packets when the device is “configured for either Cisco IOS Content Filtering or HTTP application layer gateway inspection.” All a hacker would have to do is send malicious HTTP packets through a device to exploit it.
The second involves a problem in IOS’ Internet Key Exchange (IKE) feature that could lead to a memory leak and device reload. Much like the ZBFW vuln, IKE incorrectly handles malformed IKE packets. Some specially crafted IKE packets could cause the software to not release allocated memory, in turn causing a memory leak.
Lastly, a wedge vulnerability in the Resource Reservation Protocol (RSVP) feature can allow a hacker to trigger an “interface queue wedge” on the affected device that can lead to loss of connectivity, loss of routing protocol and in some cases, a DoS condition. An interface queue wedge is more or less a vulnerability where packets are received and queued by IOS but never removed from the queue, stifling the device and causing it to stop working.
While workarounds are available for three of the eight vulnerabilities, the NTP vulnerability, the wedge vulnerability and the T1/E1 vulnerability, Cisco has released free software updates that remedy all of the IOS issues.
All of the updates are available on Cisco’s Security Advisories, Responses and Notices page and those deploying the updates are being asked to review their software before patching them to make sure their current configurations will continue to be supported.
Cisco IOS is run on millions of machines globally and is essentially a collection of routers, switches and functions that rely on the company’s networking system. It’s the second time this year Cisco has released a large batch of patches for the product. The company also pushed out seven patches for the software in late March.
