|
|
|
>> Cisco IOS Multiple Denial of Service and Security Bypass Vulnerabilities
|
Multiple vulnerabilities have been identified in Cisco IOS, which could be exploited by attackers to gain knowledge of sensitive information, bypass security restrictions, or cause a denial of service.
The first issue is caused by an error in the Network Time Protocol (NTP) version (v4) protocol when processing malformed packets, which could cause a vulnerable device to reload.
The second vulnerability is caused by an error in the Zone-Based Policy Firewall SIP inspection feature when processing a specific SIP transit packet, which could result in a reload of an affected device.
The third issue is caused by an error when processing a specially crafted TCP packet on TCP port 443 (SSLVPN) or TCP port 22 (SSH), which could cause a vulnerable device to reload.
The fourth vulnerability is caused by an error in the Session Initiation Protocol (SIP) implementation when processing specially crafted SIP messages, which could be exploited to cause a denial of service against a device with the Unified Border Element feature enabled.
The fifth issue is caused by an errot in the H.323 implementation when processing malformed packets, which could cause a denial of service.
The sixth vulnerability is caused by an error within the Object Groups for Access Control Lists (ACLs) feature, which could allow an unauthenticated attacker to bypass access control policies and gain unauthorized access to resources that should be protected.
The seventh issue is caused by errors when a device is configured for GRE, IPinIP, Generic Packet Tunneling in IPv6 or IPv6 over IP tunnels and Cisco Express Forwarding, which could cause the device to reload upon switching specially crafted packets.
The eighth vulnerability is caused by an error in the Internet Key Exchange (IKE) protocol and certificate based authentication method, which may result in the allocation of all available Phase 1 security associations (SA) and prevent the establishment of new IPsec sessions.
Affected Products
Cisco IOS 12.x
Cisco IOS XE 2.x
Solution
Upgrade to fixed versions :
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml
References
http://www.vupen.com/english/advisories/2009/2759
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml
Credits
Vulnerabilities reported by the vendor.
ChangeLog
2009-09-24 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
