Cisco Updates IOS for Multiple Vulnerabilities

Enterprise network security could have faced exploits in Cisco's core operating system for its networking gear.

By Sean Michael Kerner | Posted Mar 26, 2010
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Networking giant Cisco (NASDAQ:CSCO) this week released seven separate security advisories for vulnerabilities affecting its IOS network operating system -- the core powering many of its routers and switches.

The vulnerabilities affect multiple features and protocols across Cisco's networking portfolio, including TCP, IPsec VPNs , H.323 media and SIP . While the various vulnerabilities range in severity, they all could potentially trigger a Denial-of-Service (DoS) condition.

One of the vulnerabilities deals with a TCP packet DoS issue that could have been abused by a remote, unauthenticated attacker. TCP packets are among the most common forms of traffic that traverse a network, making the problem potentially serious.

"The vulnerability may be triggered by a TCP segment containing crafted TCP options that is received during the TCP session establishment phase," Cisco said in its advisory.

Multiprotocol Label Switching (MPLS) functionality in Cisco IOS also risked a DoS condition prior to the update.

"MPLS LDP enables peer label switch routers (LSRs) in an MPLS network to exchange label binding information for supporting hop-by-hop forwarding in an MPLS network," Cisco stated. "A vulnerability exists in Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software when processing a specially crafted LDP packet."

On the voice communications side, Cisco devices running IOS with SIP voice services enabled are being patched for multiple issues that could have been triggered by a remote unauthenticated attacker.

"Three vulnerabilities exist in the SIP implementation in Cisco IOS Software that may allow a remote attacker to cause a device reload, or execute arbitrary code," Cisco stated in its advisory. "These vulnerabilities are triggered when the device running Cisco IOS Software processes malformed SIP messages."

Cisco customers using IOS with H.323 voice services enabled are also getting an update for a pair of DoS vulnerabilities.

"An attacker can exploit these vulnerabilities remotely by sending crafted H.323 packets to the affected device that is running Cisco IOS Software," Cisco wrote in its advisory. "When exploited, the first vulnerability may lead to an interface queue wedge. The second vulnerability may cause a memory leak and, in most cases, the device to reload."

Cisco noted that an interface queue wedge is a type of vulnerability where packets are received and then never removed from the queue.

Also on the communications side is a Skinny Client Control Protocol (SCCP) issue that could lead to a DoS. SCCP is used as a mechanism for enabling voice communications between a Cisco end-point phone and a call management system.

"The Cisco Unified CME (Communications Manager Express) and Cisco Unified SRST (Survivable Remote Site Telephony) features in Cisco IOS Software are affected by two Denial-of-Service (DoS) vulnerabilities that may cause a device reload when processing specific, malformed SCCP messages," Cisco stated in an advisory. "The malformed SCCP messages can only come from registered phone IP addresses."

Cisco customers can obtain free software updates from the company to fix the vulnerabilities.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter