Denial of Service and Memory Vulnerabilities Patched in Cisco IOS

Cisco released its semiannual set of patches for its Cisco IOS router and switch operating system. The patches address 16 vulnerabilities.

Cisco on Wednesday pushed out its semiannual batch of security patches for Cisco IOS, the operating system on the bulk of its routers and network switches.

Yesterday's release (the next is scheduled for the fourth Wednesday of September) included seven advisories patching 16 vulnerabilities, most of which enable denial-of-service attacks or an "interface queue wedge". Cisco describes an interface queue wedge as a condition in which a Cisco IOS router or switch queues certain packets on an interface and, because of a bug, never removes them; once the queue fills, the interface stops processing any further packets it receives. This class of bug has plagued Cisco IOS on several occasions in the past.

The most severe advisory, according to Cisco, covers multiple vulnerabilities in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS and IOS XE. Remote attacks on ANI could crash a router or switch, or let an attacker gain control of the affected device.

This advisory patches three vulnerabilities.

The first is a spoofing vulnerability: because the device does not sufficiently validate the Autonomic Networking Registration Authority response message, an unauthenticated remote attacker could spoof that response, Cisco said.

The second is a denial-of-service vulnerability that lets a remote attacker disrupt access to the autonomic domain. "The vulnerability is due to an overloaded AN message which can reset the finite state machine. An attacker could exploit this vulnerability by sending crafted AN messages that spoof an existing AN node," the advisory said.

The third is another DoS condition, this one causing the device to reload when exploited; Cisco attributes it to insufficient validation of the AN message.

Cisco said its ASR 901, 901S, and 903 Series Aggregation Services Routers and its ME 3600, 3600X, and 3800X Series Ethernet Access Switches are affected if ANI is enabled. Cisco IOS XR Software and Cisco NX-OS Software are not affected, Cisco said.

Another high-rated advisory covers a remote code execution bug in Cisco IOS XE: an attacker who sends a specially crafted TCP packet could run malicious code on an affected device, the advisory said. Cisco IOS XE Software for Cisco ASR 1000 Series Routers, Cisco 4400 Series ISRs, and Cisco CSR 1000v Series routers is affected. The four remaining vulnerabilities patched in the same advisory are denial-of-service bugs in which an attacker can force the forwarding plane to reload, interrupting service, Cisco said.

In another advisory Cisco warned of a queue wedge vulnerability in the Virtual Routing and Forwarding (VRF) subsystem of Cisco IOS that a remote attacker could use to deny service on an affected device.

“The vulnerability is due to a failure to properly process malicious ICMP version 4 (ICMPv4) messages received on a VRF-enabled interface,” Cisco said in its advisory. “When the ICMPv4 messages are processed, the packet queue of the affected interface may not be cleared, leading to a queue wedge. When a wedge occurs, the affected device will stop processing any additional packets received on the wedged interface.”
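Because a wedged interface keeps its line protocol up while silently dropping everything it receives, the practical check for the wedge class described above (both the general definition earlier in the article and this VRF/ICMPv4 case) is the input-queue counter in `show interfaces` rather than link state. The script below is an added example, not code from the article or from Cisco: it parses `show interfaces` output, flags interfaces whose `Input queue` size has reached its maximum, and confirms a wedge by comparing two captures taken some seconds apart, since a queue that is merely full under a traffic burst drains while a wedged one does not. The two captures, interface names and addresses are constructed for the example; the `Input queue: size/max/drops/flushes` line is the format IOS prints, and the assumption that IOS may report the size one above the maximum (76/75) is from field observation, not from the advisory.

```python
import re

# Cisco IOS `show interfaces` lines of interest: the interface header
# ("GigabitEthernet0/0 is up, line protocol is up") names the interface and
# the "Input queue: size/max/drops/flushes" line carries the queue counters.
IFACE_RE = re.compile(r"^(\S+) is (\S+), line protocol is (\S+)")
QUEUE_RE = re.compile(
    r"^\s*Input queue: (\d+)/(\d+)/(\d+)/(\d+) \(size/max/drops/flushes\)"
)

# Constructed sample: two captures of `show interfaces` taken a few seconds
# apart. Gi0/0 is wedged (76/75 in both captures), Gi0/1 was merely full
# during a burst and has since drained, Gi0/2 is healthy.
SAMPLE_FIRST = """\
GigabitEthernet0/0 is up, line protocol is up
  Hardware is iGbE, address is 0011.2233.4455 (bia 0011.2233.4455)
  Internet address is 192.0.2.1/24
  Input queue: 76/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
GigabitEthernet0/1 is up, line protocol is up
  Hardware is iGbE, address is 0011.2233.4456 (bia 0011.2233.4456)
  Input queue: 75/75/3/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
GigabitEthernet0/2 is up, line protocol is up
  Hardware is iGbE, address is 0011.2233.4457 (bia 0011.2233.4457)
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
"""
SAMPLE_SECOND = """\
GigabitEthernet0/0 is up, line protocol is up
  Input queue: 76/75/0/0 (size/max/drops/flushes); Total output drops: 0
GigabitEthernet0/1 is up, line protocol is up
  Input queue: 12/75/3/0 (size/max/drops/flushes); Total output drops: 0
GigabitEthernet0/2 is up, line protocol is up
  Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 0
"""


def parse_input_queues(text):
    """Map interface name -> (size, max, drops, flushes) from `show interfaces` output."""
    queues = {}
    current = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = QUEUE_RE.match(line)
        if m and current is not None:
            queues[current] = tuple(int(x) for x in m.groups())
    return queues


def suspect_wedges(queues):
    """Interfaces whose input queue has reached (or, as IOS sometimes reports,
    exceeded by one) its maximum. Necessary but not sufficient evidence:
    a queue can also be full because of a short traffic burst."""
    return sorted(name for name, (size, qmax, _drops, _flushes) in queues.items()
                  if size >= qmax)


def confirmed_wedges(first, second):
    """A wedge never drains: the queue is at/over max in both captures and the
    size has not gone down. Interfaces that were full in the first capture but
    drained by the second are not wedged."""
    wedged = []
    for name in suspect_wedges(first):
        if name not in second:
            continue
        size_then = first[name][0]
        size_now, qmax_now = second[name][0], second[name][1]
        if size_now >= qmax_now and size_now >= size_then:
            wedged.append(name)
    return wedged


if __name__ == "__main__":
    first = parse_input_queues(SAMPLE_FIRST)
    second = parse_input_queues(SAMPLE_SECOND)
    print("suspect after one capture:", suspect_wedges(first))
    print("wedged after two captures:", confirmed_wedges(first, second))
```

On a live device the two captures would come from two runs of `show interfaces` a few seconds apart (over SSH or from a monitoring poller); the second capture is what separates a transient full queue from a wedge. Once a wedge is confirmed, the interface will not recover on its own, and Cisco's guidance for this class of bug is that clearing it typically requires reloading the device, which is why the fix is the patch rather than a workaround.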

The remaining advisories address a DoS bug in Cisco IOS Internet Key Exchange Version 2 (IKEv2); DoS and TCP/IP and UDP packet memory-leak vulnerabilities in the Cisco IOS Software Common Industrial Protocol (CIP) implementation; a DoS bug in the Cisco IOS and IOS XE mDNS gateway; and a TCP packet memory-leak vulnerability in IOS and IOS XE.