Cisco: 13 IOS, IOS XE security flaws you should patch now

Cisco says vulnerabilities in IOS/IOS XE could cause DOS situation; warns on Traceroute setting


Cisco this week warned its IOS and IOS XE customers of 13 vulnerabilities in the operating system software they should patch as soon as possible.

All of the vulnerabilities – revealed in the company’s semiannual IOS and IOS XE Software Security Advisory Bundle – have a security impact rating (SIR) of "high". Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to, conduct a command injection attack on, or cause a denial of service (DoS) condition on an affected device, Cisco stated. 

Two of the vulnerabilities affect both Cisco IOS Software and Cisco IOS XE Software. Two others affect Cisco IOS Software, and eight of the vulnerabilities affect Cisco IOS XE Software. The final one affects the Cisco IOx application environment. Cisco has confirmed that none of the vulnerabilities affect Cisco IOS XR Software or Cisco NX-OS Software. Cisco has released software updates that address these problems.

Some of the worst exposures include:

  • A vulnerability in the IOx application environment for Cisco IOS Software could let an authenticated, remote attacker gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as root. This vulnerability affects Cisco 800 Series Industrial Integrated Services Routers and Cisco 1000 Series Connected Grid Routers (CGR 1000) that are running a vulnerable release of Cisco IOS Software with Guest OS installed. While Cisco did not rate this vulnerability as critical, it has a Common Vulnerability Scoring System (CVSS) score of 9.9 out of 10. Cisco recommends disabling the guest feature until a proper fix is installed.
  • An exposure in the Ident protocol handler of Cisco IOS and IOS XE software could allow a remote attacker to cause an affected device to reload. The problem exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference, Cisco stated. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could let the attacker cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and that are configured to respond to Ident protocol requests.
  • A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could let an unauthenticated, remote attacker trigger a reload of an affected device, resulting in a denial of service (DoS). The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process, which triggers a reload of the device, Cisco stated.
  • A vulnerability in the ingress packet-processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could let an attacker cause a denial of service (DoS). The vulnerability is due to improper resource allocation when processing TCP packets directed to the device on specific Cisco Catalyst 4000 switches. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run out of buffer resources, impairing operations of control-plane and management-plane protocols and resulting in a DoS condition. This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device, Cisco stated.

In addition to the warnings, Cisco also issued an advisory for users to deal with problems in its IOS and IOS XE Layer 2 (L2) traceroute utility. L2 traceroute identifies the L2 path that a packet takes from a source device to a destination device.

Cisco said that by design, the L2 traceroute server does not require authentication, but it allows certain information about an affected device to be read, including hostname, hardware model, configured interfaces, IP addresses and other details. Reading this information from multiple switches in the network could allow an attacker to build a complete L2 topology map of that network.

Cisco said there are several ways to secure the L2 traceroute server, depending on whether the feature is used in the environment and whether the Cisco IOS or IOS XE Software release supports the CLI commands needed for each option: disable it, restrict access to it through infrastructure access control lists (iACLs), restrict access through control plane policing (CoPP), or upgrade to a software release that disables the server by default.
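The three configuration-based options above, as an added example written for this article rather than taken from Cisco's advisory. It assumes the `l2 traceroute` global command exists on the release in use, that the server listens on UDP port 2228 (a value to confirm for the platform before deploying), and it uses a constructed management subnet of 10.0.0.0/24 and a constructed edge interface name.

```cisco
! Option 1: disable the L2 traceroute server outright.
! Assumption: the "l2 traceroute" global command is present on this release;
! its "no" form turns the server off.
configure terminal
 no l2 traceroute
end
!
! Option 2: infrastructure ACL on an edge-facing interface. Only the
! management subnet (constructed: 10.0.0.0/24) may reach the server port.
! Assumption: L2 traceroute uses UDP 2228; verify for your platform.
ip access-list extended IACL-EDGE
 permit udp 10.0.0.0 0.0.0.255 any eq 2228
 deny   udp any any eq 2228
 permit ip any any
!
interface GigabitEthernet1/0/1
 ip access-group IACL-EDGE in
!
! Option 3: CoPP, which protects the switch CPU no matter which interface
! the request arrives on. In a CoPP class ACL, "deny" means "exempt from
! this class", so management-subnet requests fall through to class-default
! and everything else matching UDP 2228 is policed to zero.
ip access-list extended COPP-L2TRACE
 deny   udp 10.0.0.0 0.0.0.255 any eq 2228
 permit udp any any eq 2228
!
class-map match-all COPP-L2TRACE-CLASS
 match access-group name COPP-L2TRACE
!
policy-map COPP-POLICY
 class COPP-L2TRACE-CLASS
  police 8000 conform-action drop exceed-action drop
 class class-default
!
control-plane
 service-policy input COPP-POLICY
```

Pick one option per device; iACLs only cover the interfaces they are applied to, whereas CoPP applies to all traffic punted to the control plane.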
