Menu
Cisco patches traffic snooping flaw in operating systems used by its networking gear

Cisco patches traffic snooping flaw in operating systems used by its networking gear

The vulnerability affects the OSPF routing protocol implementation on Cisco networking equipment

Cisco Systems said attackers could disrupt or intercept traffic in many of its networking products unless a new security update is applied to the software they run.

The issue affects the implementation of the Open Shortest Path First (OSPF) routing protocol and its Link State Advertisement (LSA) database in particular. This protocol is used for determining the shortest routing paths inside an Autonomous System (AS) -- a collection of routing policies for IP (Internet Protocol) addresses controlled by ISPs and large organizations.

The OSPF protocol is commonly used on large enterprise networks. It gathers link state information from available routers into a database in order to built a network topology map which is then used to determine the best route for IP traffic.

"This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic," Cisco said in a security advisory.

Exploiting the vulnerability doesn't require authentication and can be achieved remotely by sending specifically crafted OSPF LSA type 1 packets via unicast or multicast to the vulnerable device. The packets could contain false routes that would then get propagated throughout the entire OSPF AS domain.

However, the attacker does need to determine some information in advance in order to launch a successful attack, Cisco said. This information includes the network placement and IP address of the targeted router, the LSA database sequence numbers and the router ID of the OSPF Designated Router (DR).

The vulnerability affects networking devices running most versions of Cisco IOS, IOS-XE and NX-OS operating systems if they are configured for OSPF operations. It also affects the software running on the Cisco Adaptive Security Appliance (ASA), Cisco ASA Service Module (ASA-SM), Cisco Pix Firewall, Cisco Firewall Services Module (FWSM) and the Cisco ASR 5000 carrier class platform.

The Cisco advisory contains a table with the vulnerable software releases and the updates available for them, if any. Instructions for enabling OSPF authentication, which can mitigate the vulnerability, are described in a separate technical document.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags patchesnetworking hardwareCisco SystemsNetworkingsecuritypatch managementExploits / vulnerabilities

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments