Cisco fixes denial-of-service flaws in IOS software for networking devices


Number: IRCNE2014032139
Date: 2014-03-27

According to Computerworld, Cisco Systems released security updates for its IOS software, which is used on routers, switches and other networking gear, to fix seven vulnerabilities that attackers could exploit to degrade the performance of affected devices or force them to reboot.
The newly released IOS versions contain patches for two vulnerabilities identified in the software's Network Address Translation (NAT) feature, which is commonly used in routing scenarios. One vulnerability could be exploited by sending malformed DNS packets to be processed and translated by an affected device, and the other by sending certain sequences of TCP packets. The Cisco IOS XR and Cisco IOS XE software families are not affected by these two NAT vulnerabilities.
A separate vulnerability was identified and patched in the IP version 6 (IPv6) protocol stack implementation in Cisco IOS and Cisco IOS XE software, Cisco said in an advisory.
Another vulnerability was found and patched in the Secure Sockets Layer (SSL) VPN subsystem of the Cisco IOS software. The flaw allows an attacker to consume the memory of an affected device by submitting crafted HTTPS requests. This could degrade the device's performance, cause certain processes to fail or lead to a device restart. Cisco IOS XE and Cisco IOS XR software are not affected by this vulnerability, and neither is the Cisco ASA 5500 Series Adaptive Security Appliance.
A sixth vulnerability was found in the Session Initiation Protocol (SIP) implementation in Cisco IOS and Cisco IOS XE. SIP is widely used for establishing multimedia communications like voice and video calls over the Internet.
The vulnerability only affects devices configured to process SIP messages and running Cisco IOS 15.3(3)M and 15.3(3)M1 or Cisco IOS XE 3.10.0S and 3.10.1S1, Cisco said in an advisory.
The last denial-of-service vulnerability patched Wednesday affects only IOS software running on the RSP720-3C-10GE and RSP720-3CXL-10GE models of the Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks. Cisco IOS XE and IOS XR software are not affected by this vulnerability.
