Networking giant Cisco (NASDAQ:CSCO) this week released seven separate security advisories for vulnerabilities affecting its IOS network operating system — the core powering many of its routers and switches.
The vulnerabilities affect multiple features and protocols across Cisco’s networking portfolio, including TCP, IPsec VPNs
One of the vulnerabilities deals with a TCP packet
“The vulnerability may be triggered by a TCP segment containing crafted TCP options that is received during the TCP session establishment phase,” Cisco said in its advisory.
Multiprotocol Label Switching (MPLS)
“MPLS LDP enables peer label switch routers (LSRs) in an MPLS network to exchange label binding information for supporting hop-by-hop forwarding in an MPLS network,” Cisco stated. “A vulnerability exists in Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software when processing a specially crafted LDP packet.”
On the voice communications side, Cisco devices running IOS with SIP voice services enabled are being patched for multiple issues that could have been triggered by a remote unauthenticated attacker.
“Three vulnerabilities exist in the SIP implementation in Cisco IOS Software that may allow a remote attacker to cause a device reload, or execute arbitrary code,” Cisco stated in its advisory. “These vulnerabilities are triggered when the device running Cisco IOS Software processes malformed SIP messages.”
Cisco customers using IOS with H.323 voice services enabled are also getting an update for a pair of DoS vulnerabilities.
“An attacker can exploit these vulnerabilities remotely by sending crafted H.323 packets to the affected device that is running Cisco IOS Software,” Cisco wrote in its advisory. “When exploited, the first vulnerability may lead to an interface queue wedge. The second vulnerability may cause a memory leak and, in most cases, the device to reload.”
Cisco noted that an interface queue wedge is a type of vulnerability where packets are received and then never removed from the queue.
Also on the communications side is a Skinny Client Control Protocol (SCCP) issue that could lead to a DoS. SCCP is used as a mechanism for enabling voice communications between a Cisco end-point phone and a call management system.
“The Cisco Unified CME (Communications Manager Express) and Cisco Unified SRST (Survivable Remote Site Telephony) features in Cisco IOS Software are affected by two Denial-of-Service (DoS) vulnerabilities that may cause a device reload when processing specific, malformed SCCP messages,” Cisco stated in an advisory. “The malformed SCCP messages can only come from registered phone IP addresses.”
Cisco customers can obtain free software updates from the company to fix the vulnerabilities.