Number: IRCNE2014082276
Date: 2014-08-04
According to “computerworld”, Cisco Systems said attackers could disrupt or intercept traffic in many of its networking products unless a new security update is applied to the software they run.
The issue affects the implementation of the Open Shortest Path First (OSPF) routing protocol and its Link State Advertisement (LSA) database in particular. This protocol is used for determining the shortest routing paths inside an Autonomous System (AS) -- a collection of routing policies for IP (Internet Protocol) addresses controlled by ISPs and large organizations.
The OSPF protocol is commonly used on large enterprise networks. It gathers link state information from available routers into a database in order to built a network topology map which is then used to determine the best route for IP traffic.
"This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic," Cisco said in a security advisory.
Exploiting the vulnerability doesn't require authentication and can be achieved remotely by sending specifically crafted OSPF LSA type 1 packets via unicast or multicast to the vulnerable device.
The vulnerability affects networking devices running most versions of Cisco IOS, IOS-XE and NX-OS operating systems if they are configured for OSPF operations. It also affects the software running on the Cisco Adaptive Security Appliance (ASA), Cisco ASA Service Module (ASA-SM), Cisco Pix Firewall, Cisco Firewall Services Module (FWSM) and the Cisco ASR 5000 carrier class platform.
- 2