On March 26, 2014, Cisco announced six serious security vulnerabilities (five in Cisco IOS Software and one in the Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks). If exploited, these vulnerabilities can result in a Denial of Service (DoS) condition on the affected devices.
All six vulnerabilities have a CVSS base score greater than 7 (out of a maximum of 10), which places them in the high-risk category: they can be exploited remotely without authentication.
Here is a summary of the six vulnerabilities:
- DoS in SIP (Session Initiation Protocol for VoIP) affecting IOS XE Software release 3.10.0S and 3.10.1S
- The Route Processor of a Cisco 7600 with an RSP720 engine can be made to reboot or stop forwarding traffic remotely by means of crafted IP packets.
- A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device that would lead to a denial of service (DoS) condition.
- Malformed DNS packets can crash the NAT feature in various IOS versions.
- Certain types of HTTP requests can cause a Denial of Service in the SSL VPN subsystem of Cisco IOS.
- A malformed IPv6 packet can cause a DoS condition (I/O memory depletion) on IOS and IOS XE devices which have IPv6 enabled.
Get the full details of the above vulnerabilities, with information on how to fix them, HERE.
There is no evidence that the above vulnerabilities have been exploited in the wild, but if they are exploited in the future, the impact will be huge.