Cisco flaw reaches NZ, apparently unsuccessfully

A vulnerability in Cisco Systems' IOS (internetworking operating system) software, widely run on Cisco hardware, hasn't led to any successful attacks anywhere in the world, a Cisco spokesman says.

However, an attempt to use the weakness to attack a router has been recorded in New Zealand, according to a posting on the nznog (New Zealand network operators group) mailing list.

According to the posting, the attack attempt involved using spoofed addresses to mount multiple attacks on July 18.

Cisco Asia-Pacific corporate affairs director Terry Alberstein says Cisco is "aware that there have been isolated incidences of attempts to exploit the vulnerability, but we have no confirmation of any networks being impacted."

Cisco issued an advisory on July 17 which detailed the vulnerability and provided links to a patch and workarounds.

The nature of the flaw is that Cisco switches and routers running IOS are vulnerable to a denial of service attack when processing IPv4 packets.

According to Cisco's advisory, "a rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full.

"No authentication is required to process the inbound packet and processing of IPv4 packets is enabled by default.

"Devices running only IPv6 are not affected."

With the vast majority of internet devices running IPv4, that leaves most open to attack, but Cisco customers appear to have been quick to patch and work around the vulnerability.

There is some confusion as to who first identified it, with Cisco claiming its own security testing first threw light on it, but US magazine Network World says the exploit was publicly released by an anonymous individual who emailed it to "prominent security discussion lists".

Network World quoted Dan Ingevaldson, engineering director at security consultant ISS, as saying the code posted on the net that exploits the vulnerability contains a small programme written in C that makes it easy to develop an IOS exploit.

"It's probably 200 lines - all it does is give you instructions on how to create an exploit.

"You just point it at a target and it will fire an attack."
