September 7, 2005 4:35 PM PDT

New Cisco flaw could pose threat to Net

A serious flaw in Cisco Systems software puts computer networks at risk of cyberattack and has prompted security vendor Symantec to raise its Internet threat level.

A vulnerability in Cisco's Internetwork Operating System could be exploited to crash or remotely run malicious code on devices that run IOS, the San Jose, Calif., networking giant warned Wednesday in a security advisory. IOS runs on Cisco's routers and switches, which make up a large portion of the Internet's infrastructure.

"Successful exploitation of the vulnerability on Cisco IOS may result in a reload of the device or execution of arbitrary code," Cisco said in its advisory. "Repeated exploitation could result in a sustained (denial of service) attack or execution of arbitrary code."

Cisco's warning prompted Symantec to raise its ThreatCon global threat index to Level 2, which means an attack is expected. "Given the recent attention to exploitation of vulnerabilities in Cisco's IOS it is possible that this issue will see attempts at exploit development in the near term," Symantec said in an advisory.

Symantec and Cisco both noted that there are no known exploits or attacks that take advantage of this latest IOS vulnerability. Cisco has software fixes available to correct the problem.

Cisco has had a hot summer when it comes to security. During the Black Hat and Defcon security events in July, researcher Michael Lynn demonstrated he could gain control of a Cisco router by exploiting a known security flaw in IOS. The operating system had until then been perceived as impervious to such attacks.

Cisco and Internet Security Systems--Lynn's employer--had agreed to pull the presentation, but researcher Lynn quit his job and gave the talk anyway. Cisco and ISS sued Lynn after his presentation and hackers rallied behind the researcher.

The vulnerability disclosed on Wednesday doesn't affect all versions of IOS, Cisco said. Furthermore, the vulnerability exists only if the Firewall Authentication Proxy for FTP and Telnet Sessions is in use, Cisco said. That component of IOS handles authentication requests for file transfer and telnet sessions.

Affected are those devices running IOS versions 12.2ZH and 12.2ZL, 12.3, 12.3T, 12.4 and 12.4T, Cisco said. Users can log on to their Cisco device and enter the "show version" command to determine which version of IOS it is running, Cisco said. The company rates the issue as a "medium" urgency.

Symantec advises users who can't install the patch immediately to disable the Firewall Authentication Proxy for FTP and Telnet Sessions or limit access to the service to trusted hosts and networks.

2 comments

Join the conversation!
Add your comment
Isn't this old news?
Didn't Cnet news already report on this matter last month where some hackers found the exploit and were trying to map it out so that Cisco could fix it? I remember reading that Cisco denied that the problem even existed and were trying to either sue or have the hackers arrested...My memory isn't what it used to be.
Posted by thedreaming (573 comments )
Reply Link Flag
No
This is not the same exploit, this is another. Surprised? Not me. Logic that goes into programming this stuff always has some sort of flaw, if you're bright enough, you can always come up with new logic that will exploit a whole in the developer's logic. Nobody is perfect, multiple heads is not always better than 1, it only takes 1 person to think outside the outside of the perverbial box.
Posted by (9 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.