Menu
Cisco patches traffic snooping flaw in operating systems used by its networking gear

Cisco patches traffic snooping flaw in operating systems used by its networking gear

The vulnerability affects the OSPF routing protocol implementation on Cisco networking equipment

Cisco Systems said attackers could disrupt or intercept traffic in many of its networking products unless a new security update is applied to the software they run.

The issue affects the implementation of the Open Shortest Path First (OSPF) routing protocol and its Link State Advertisement (LSA) database in particular. This protocol is used for determining the shortest routing paths inside an Autonomous System (AS) -- a collection of routing policies for IP (Internet Protocol) addresses controlled by ISPs and large organizations.

The OSPF protocol is commonly used on large enterprise networks. It gathers link state information from available routers into a database in order to built a network topology map which is then used to determine the best route for IP traffic.

"This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic," Cisco said in a security advisory.

Exploiting the vulnerability doesn't require authentication and can be achieved remotely by sending specifically crafted OSPF LSA type 1 packets via unicast or multicast to the vulnerable device. The packets could contain false routes that would then get propagated throughout the entire OSPF AS domain.

However, the attacker does need to determine some information in advance in order to launch a successful attack, Cisco said. This information includes the network placement and IP address of the targeted router, the LSA database sequence numbers and the router ID of the OSPF Designated Router (DR).

The vulnerability affects networking devices running most versions of Cisco IOS, IOS-XE and NX-OS operating systems if they are configured for OSPF operations. It also affects the software running on the Cisco Adaptive Security Appliance (ASA), Cisco ASA Service Module (ASA-SM), Cisco Pix Firewall, Cisco Firewall Services Module (FWSM) and the Cisco ASR 5000 carrier class platform.

The Cisco advisory contains a table with the vulnerable software releases and the updates available for them, if any. Instructions for enabling OSPF authentication, which can mitigate the vulnerability, are described in a separate technical document.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags patchesnetworking hardwareCisco SystemsNetworkingsecuritypatch managementExploits / vulnerabilities

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments