Cisco: IOS security update includes denial of service and code execution warnings

Cisco is warning IOS and IOS XE users of five security vulnerabilities it rates as “High” that could lead to denial of service attacks or allow an attacker to execute arbitrary code on a particular system.

The warnings, which cover Cisco’s DHCP client, L2TP, Zero Touch Provisioning, HTTP server and Web user interface, are part of what Cisco says is a twice-yearly bundle of IOS security advisories it issues to keep users up to date on current IOS security issues.

This bundle of warnings comes within a week of another IOS security disclosure: a vulnerability in IOS software, revealed in the recent WikiLeaks dump of CIA exploits, that could let an attacker cause a reload of an affected device or remotely execute code and take over a device. That problem affects more than 300 models of Cisco Catalyst switches, and the company issued a “critical” warning for its Catalyst networking customers.

The March 22 bundle includes five Cisco Security Advisories that describe exposures in Cisco IOS Software and Cisco IOS XE Software. Cisco wrote that “two of the advisories describe vulnerabilities that are common to both Cisco IOS Software and Cisco IOS XE Software. Three of the advisories describe vulnerabilities that exist only in Cisco IOS XE Software. All the vulnerabilities have a Security Impact Rating of High.”

A brief description from Cisco of each of the newly disclosed IOS vulnerabilities follows:

DHCP: A vulnerability in the DHCP client implementation of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition.

Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol: A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could let an attacker cause the affected device to reload, resulting in a denial of service (DoS) condition.

Cisco ASR 920 Series Routers Zero Touch Provisioning: A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could let the attacker cause the device to reload, resulting in a denial of service (DoS) condition.

Software HTTP Command Injection: A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected web page parameter. The user must be authenticated to access the affected parameter. A successful exploit could let an attacker execute commands with root privileges.

Web User Interface: A vulnerability in the Web User Interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attacker could exploit this vulnerability by sending a high number of requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network.

Cisco has released software updates that address the vulnerabilities.
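
To decide which devices to patch first, a saved configuration can be checked for two exposure conditions the descriptions above name: an interface configured as a DHCP client and an enabled web user interface. This is an added example, not Cisco's or Network World's code. The sample config is constructed, and treating `ip address dhcp`, `ip http server`, `ip http secure-server` and `ip http access-class` lines as exposure indicators is this example's assumption; whether a device is actually affected depends on the software releases listed in Cisco's advisories.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
interface GigabitEthernet0/0/0
 description uplink to provider
 ip address dhcp
!
interface GigabitEthernet0/0/1
 ip address 192.0.2.1 255.255.255.0
!
ip http server
ip http secure-server
!
"""

def parse_sections(config):
    """Split an IOS-style config into global lines and per-interface blocks."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None                      # separator ends any block
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces

def audit(config):
    """Return (finding, detail) tuples for the exposure conditions checked."""
    global_lines, interfaces = parse_sections(config)
    findings = []
    # Interfaces that obtain their address as a DHCP client.
    for name, body in interfaces.items():
        if any(re.fullmatch(r"ip address dhcp( .*)?", l) for l in body):
            findings.append(("dhcp-client", name))
    # Web UI enabled; "no ip http server" does not match and is ignored.
    web = [l for l in global_lines if re.fullmatch(r"ip http (secure-)?server", l)]
    if web:
        restricted = any(l.startswith("ip http access-class") for l in global_lines)
        kind = "web-ui-restricted" if restricted else "web-ui-unrestricted"
        findings.append((kind, ", ".join(web)))
    return findings
```

A finding here only marks a device as reachable through the feature in question; the fix remains the software update.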
