Menu
Cisco fixes TCP denial-of-service bug

Cisco fixes TCP denial-of-service bug

Cisco this week issued a patch for a denial-of-service vulnerability that affects multiple products.

The vulnerability allows attackers to manipulate the state of TCP connections, according to a Cisco security advisory released this week. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely, the Cisco advisory states.

Review: ASR 1000 ready to replace aging Cisco routers

If enough TCP connections are forced into a long-lived or indefinite state, system resources may be consumed, preventing new TCP connections from being accepted and thus initiating a DoS condition. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system, the advisory states.

The bug was first discovered a year ago by Outpost24, a Swedish provider of network security products.

Affected products include scores of routers and switches running IOS, IOS-XE and CatOS operating systems; Cisco ASA and Cisco PIX security appliances running versions 7.0, 7.1, 7.2, 8.0, and 8.1 under certain configurations; NX-OS-based products such as the new Nexus 5000 and 7000 swsitches; and Scientific-Atlanta and Linksys products.

In addition to these vulnerabilities, Nexus 5000 switches contain a TCP DoS vulnerability that may result in a system crash, the Cisco advisory states. This vulnerability can be exploited remotely without authentication and without user interaction, and repeated attempts to exploit this vulnerability could result in a sustained DoS condition.

Cisco says it has released free software updates for download from its Web site that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are also available, the company says.

Cisco declined further comment on the situation.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Meet the winners of the 2020 Reseller News Innovation Awards

Meet the winners of the 2020 Reseller News Innovation Awards

Reseller News honoured the standout players of the New Zealand channel in front of more than 500 technology leaders in Auckland on 21 October, recognising the achievements of top partners, start-ups, vendors, distributors and individuals.

Meet the winners of the 2020 Reseller News Innovation Awards
Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Show Comments