Cisco Warns of IOS Firewall Vulnerability
Cisco has warned that some configurations of IOS contain vulnerabilities that could lead to a sustained DoS attack or execution of arbitrary code.
In an advisory posted to its Web site, Cisco warned that its IOS Firewall Authentication Proxy for FTP and Telnet Sessions is vulnerable to a remotely exploitable buffer overflow flaw. The company said devices that aren't configured for, or don't support, the feature aren't vulnerable, nor are devices configured with only Authentication Proxy for HTTP and/or HTTPS.
According to Cisco, the affected versions of IOS include versions 12.2ZH, 12.2ZL, 12.3, 12.3T, 12.4 and 12.4T. Products running IOS version 12.2 or lower or IOS XR are not affected. Users can determine the version number on their equipment by using the show version command at the prompt.
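The two scoping conditions above (an affected release train, and the FTP/Telnet authentication proxy actually configured and applied) can be checked from saved "show version" and running-config text. The script below is an added example, not part of the article or of Cisco's advisory. It assumes the auth-proxy configuration syntax "ip auth-proxy name <name> ftp|telnet" for the global rule and "ip auth-proxy <name>" under an interface, and the sample outputs it parses are constructed for illustration.

```python
import re

# Affected release trains as listed in the article: (base release, train letters).
# A plain 12.3 or 12.4 release has no train letters, hence the empty string.
AFFECTED_TRAINS = {
    ("12.2", "ZH"), ("12.2", "ZL"),
    ("12.3", ""), ("12.3", "T"),
    ("12.4", ""), ("12.4", "T"),
}

# Matches "Version 12.3(14)T2": base release, maintenance number, train letters, rebuild.
VERSION_RE = re.compile(r"Version\s+(\d+\.\d+)\((\d+[a-z]?)\)([A-Z]*)(\d*)")

# Assumed IOS syntax: global auth-proxy rule covering FTP or Telnet ...
AUTH_PROXY_RULE_RE = re.compile(r"^\s*ip auth-proxy name (\S+) (ftp|telnet)\b", re.M)
# ... and the rule being applied on an interface.
AUTH_PROXY_APPLY_RE = re.compile(r"^\s*ip auth-proxy (\S+)\s*$", re.M)


def parse_ios_version(show_version_output):
    """Return (base, train) from the first Version string, or None if unrecognised.

    IOS XR banners ("Version 3.4.0") do not match the IOS pattern and yield None,
    which the article treats as not affected.
    """
    m = VERSION_RE.search(show_version_output)
    if not m:
        return None
    return m.group(1), m.group(3)


def version_is_affected(base, train):
    """True only for the trains the article names as affected."""
    return (base, train) in AFFECTED_TRAINS


def ftp_telnet_proxy_rules(running_config):
    """Names of auth-proxy rules that cover FTP or Telnet AND are applied to an interface.

    A rule that is defined but never applied does not enable the feature, so it
    is excluded. HTTP/HTTPS-only rules are ignored, per the advisory's scoping.
    """
    defined = {name for name, _proto in AUTH_PROXY_RULE_RE.findall(running_config)}
    applied = set(AUTH_PROXY_APPLY_RE.findall(running_config))
    return sorted(defined & applied)


def assess(show_version_output, running_config):
    """Combine both checks: a device is exposed only if both conditions hold."""
    parsed = parse_ios_version(show_version_output)
    if parsed is None:
        return {"version": None, "affected_train": False,
                "ftp_telnet_rules": [], "exposed": False}
    base, train = parsed
    affected = version_is_affected(base, train)
    rules = ftp_telnet_proxy_rules(running_config)
    return {
        "version": base + train,
        "affected_train": affected,
        "ftp_telnet_rules": rules,
        "exposed": affected and bool(rules),
    }


# Constructed sample inputs (not captured from a real device).
SAMPLE_SHOW_VERSION = (
    "Cisco IOS Software, C2600 Software (C2600-ADVSECURITYK9-M), "
    "Version 12.3(14)T2, RELEASE SOFTWARE (fc2)\n"
)

SAMPLE_CONFIG_FTP = """\
!
ip auth-proxy name FTP_AUTH ftp
ip auth-proxy name WEB_AUTH http
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip auth-proxy FTP_AUTH
!
"""

SAMPLE_CONFIG_HTTP_ONLY = """\
!
ip auth-proxy name WEB_AUTH http
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip auth-proxy WEB_AUTH
!
"""

if __name__ == "__main__":
    for label, cfg in (("ftp rule applied", SAMPLE_CONFIG_FTP),
                       ("http only", SAMPLE_CONFIG_HTTP_ONLY)):
        print(label, assess(SAMPLE_SHOW_VERSION, cfg))
```

The version check deliberately matches on the exact (base, train) pair rather than comparing numbers, because the article scopes the flaw by train: 12.2 itself is unaffected, but 12.2ZH and 12.2ZL are. Feed the functions the output of "show version" and "show running-config" saved from each device to get a first-pass list of candidates for the fixed releases linked from the advisory.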
Cisco says that an attacker exploiting the flaw could force the device to reload, creating a denial-of-service condition, or could execute arbitrary code on the device.
Security company Symantec rated the severity of the vulnerability "high," and recommended blocking external access to affected devices if possible.
Cisco's advisory on the vulnerability includes links to updated versions of IOS that are not susceptible to the flaw.