September 7, 2005 4:35 PM PDT
New Cisco flaw could pose threat to Net
A vulnerability in Cisco's Internetwork Operating System could be exploited to crash or remotely run malicious code on devices that run IOS, the San Jose, Calif., networking giant warned Wednesday in a security advisory. IOS runs on Cisco's routers and switches, which make up a large portion of the Internet's infrastructure.
"Successful exploitation of the vulnerability on Cisco IOS may result in a reload of the device or execution of arbitrary code," Cisco said in its advisory. "Repeated exploitation could result in a sustained (denial of service) attack or execution of arbitrary code."
Cisco's warning prompted Symantec to raise its ThreatCon global threat index to Level 2, which means an attack is expected. "Given the recent attention to exploitation of vulnerabilities in Cisco's IOS it is possible that this issue will see attempts at exploit development in the near term," Symantec said in an advisory.
Symantec and Cisco both noted that there are no known exploits or attacks that take advantage of this latest IOS vulnerability. Cisco has software fixes available to correct the problem.
Cisco has had a hot summer when it comes to security. During the Black Hat and Defcon security events in July, researcher Michael Lynn demonstrated he could gain control of a Cisco router by exploiting a known security flaw in IOS. The operating system had until then been perceived as impervious to such attacks.
Cisco and Internet Security Systems--Lynn's employer--had agreed to pull the presentation, but researcher Lynn quit his job and gave the talk anyway. Cisco and ISS sued Lynn after his presentation and hackers rallied behind the researcher.
The vulnerability disclosed on Wednesday doesn't affect all versions of IOS, Cisco said. Furthermore, the vulnerability exists only if the Firewall Authentication Proxy for FTP and Telnet Sessions is in use, Cisco said. That component of IOS handles authentication requests for file transfer and telnet sessions.
Affected are those devices running IOS versions 12.2ZH and 12.2ZL, 12.3, 12.3T, 12.4 and 12.4T, Cisco said. Users can log on to their Cisco device and enter the "show version" command to determine which version of IOS it is running, Cisco said. The company rates the issue as a "medium" urgency.
Symantec advises users who can't install the patch immediately to disable the Firewall Authentication Proxy for FTP and Telnet Sessions or limit access to the service to trusted hosts and networks.
2 commentsJoin the conversation! Add your comment