Cisco fixes denial-of-service flaws in IOS software for networking devices

Seven vulnerabilities that could lead to device reboots and other performance issues were patched in various IOS components

Cisco Systems released security updates for its IOS software used on routers, switches and other networking gear in order to fix seven vulnerabilities that could be exploited by attackers to impact the performance of affected devices or force them to reboot.

The newly released IOS versions contain patches for two vulnerabilities identified in the software's Network Address Translation (NAT) feature that's commonly used in routing scenarios. One vulnerability could be exploited by sending malformed DNS packets to be processed and translated by an affected device and the other by sending certain sequences of TCP packets.

"To determine whether NAT has been enabled in the Cisco IOS Software configuration, log in to the device and issue the 'show ip nat statistics' command," Cisco said in a security advisory published Wednesday. "If NAT is active, the sections 'Outside interfaces' and 'Inside interfaces' will each include at least one interface."

The advisory contains a table listing affected IOS versions and the corresponding patched releases. The Cisco IOS XR and Cisco IOS XE software families are not affected by these two NAT vulnerabilities.

A separate vulnerability was identified and patched in the IP version 6 (IPv6) protocol stack implementation in Cisco IOS and Cisco IOS XE software. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed IPv6 packets to trigger I/O (Input/output) memory depletion. This would cause the device to become unstable and require a reload, Cisco said in an advisory.

Cisco IOS and Cisco IOS XE updates were also released to fix a vulnerability in the software's Internet Key Exchange Version 2 (IKEv2) module. This vulnerability can be exploited to trigger a device reload by sending specifically crafted IKEv2 packets to it.

IKEv2 is used for a number of different features including several types of VPNs (Virtual Private Networks). However, "a device does not need to be configured with any IKEv2-specific features to be vulnerable," Cisco said in an advisory.

Another vulnerability was found and patched in the Secure Sockets Layer (SSL) VPN subsystem of the Cisco IOS software. The flaw allows an attacker to consume the memory of an affected device by submitting crafted HTTPS requests. This could impact the device's performance, could cause certain processes to fail or could lead to a device restart.

"To determine whether a device is enabled for WebVPN, the preferred method is to issue the 'show webvpn gateway' EXEC command," Cisco said in an advisory. "A device is affected if it is running the vulnerable software and the configuration lists the Admin and Operation statuses of any configured gateway as up."

The Cisco IOS XE and Cisco IOS XR software is not affected by this vulnerability and neither is the Cisco ASA 5500 Series Adaptive Security Appliance.

A sixth vulnerability was found in the Session Initiation Protocol (SIP) implementation in Cisco IOS and Cisco IOS XE. SIP is widely used for establishing multimedia communications like voice and video calls over the Internet.

The vulnerability only affects devices configured to process SIP messages and running Cisco IOS 15.3(3)M and 15.3(3)M1 or Cisco IOS XE 3.10.0S and 3.10.1S1, Cisco said in an advisory. The vulnerability was addressed in Cisco IOS 15.3(3)M2 and Cisco IOS XE 3.10.2S.

The last denial-of-service vulnerability patched Wednesday affects only IOS software running on the RSP720-3C-10GE and RSP720-3CXL-10GE models of the Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks.

The vulnerability is due to an issue with the device's onboard Kailash FPGA versions prior to 2.6, Cisco said in an advisory. "An attacker could exploit this vulnerability by sending crafted IP packets to or through the affected device. An exploit could allow the attacker to cause the route processor to no longer forward traffic or reboot."

The advisory contains a table with the IOS software versions that are vulnerable and the corresponding patched releases. The Cisco IOS XE and IOS XR software is not affected by this vulnerability.

Join the CSO newsletter!

Error: Please check your email address.

Tags patchesnetworking hardwareCisco SystemsNetworkingsecuritypatch managementExploits / vulnerabilities

More about ASACiscoCisco

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place