Cisco Patches DoS Flaw in NCS 6000 Routers

Author: Michael Mimoso
minute read

Cisco today released patches for two products, including one for a vulnerability rated high criticality in Cisco IOS XR for the Cisco Network Convergence System series routers.

Cisco Systems today released patches for two products, including one for a vulnerability rated a high criticality in Cisco IOS XR for the Cisco Network Convergence System series routers.

The flaw rests in the management of system timer resources and could allow an attacker to remotely crash the router.

“An attacker could exploit this vulnerability by sending a number of Secure Shell (SSH), Secure Copy Protocol (SCP), and Secure FTP (SFTP) management connections to an affected device,” Cisco said in its advisory. “An exploit could allow the attacker to cause a leak of system timer resources, leading to a nonoperational state and an eventual reload of the RP on the affected platform.”

Such connections could overwhelm the router, leading it to crash and eventually reload the Route Processor, Cisco said.

The vulnerability affects Cisco NCS 6000 only when Cisco IOS XR is configured to process SSH, SCP and SFTP management connections to the router. An attacker could exploit this using either IPv4 or IPv6 packets and by sending them to TCP listening port 22 or other TCP ports configured for the services in question.

“An attacker must establish a TCP three-way handshake, but the management connection to a vulnerable device does not have to be authenticated,” Cisco said. “This vulnerability can be triggered only by traffic destined to an affected device and cannot be exploited with traffic transiting an affected device.”

Cisco’s second patch released today addresses a flaw in the Cisco ASR 5000 Series, prior to versions 19.4 and 20.1. Cisco ASR are aggregation services routers designed for service provider and enterprise networks.

Cisco said the flaw is in the SNMP configuration management and a remote attacker can exploit this to read and modify device configurations using SNMP read-write community strings.

“The vulnerability occurs because the configured SNMP community string is not confidential,” Cisco said in its advisory. “An attacker could perform an SNMP query to the affected device to view the SNMP community string. An exploit could allow the attacker to read and modify the device configuration using the disclosed SNMP read-write community string.”

The flaw has a CVSS base score of 4.0, while the IOS vulnerability has a score of 7.8.

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.