A week after Cisco
a vulnerability in its Internetwork Operating System (IOS) Software Embedded Call Processing Solutions, the company has, thrice again, been hit.
A trio of potential Denial-of-Service (DoS) vulnerabilities has been reported
in the IOS that involves issues with the way it handles
Multi Protocol Label Switching (MPLS) packet processing, IPv6
and the Border Gateway Protocol
vulnerabilities, the potential end result is the same.
In each case the
vulnerability could potentially be exploited to cause the device that
uses the Cisco IOS to reload, which could lead to a sustained
“Since devices running IOS may transit
traffic for a number of other networks, the secondary impacts of a
Denial of Service may be severe,” the US-CERT
The MPLS vulnerability
allows improperly formed MPLS packets to
cause the device reload. MPLS is a vendor-independent protocol for
integrating layer 2 information into layer 3. Cisco notes in its advisory
that routers running the IOS that support MPLS are vulnerable to a DoS attack on MPLS-disabled interfaces.
The flaw affects products that
support MPLS running a vulnerable version of IOS:
- 2600 and 2800 series routers;
- 3600, 3700 and 3800 series routers;
- 4500 and 4700 series routers; and
- 5300, 5350 and 5400 series Access Servers.
The IPv6 vulnerability
is exploited by “crafted” IPv6 packets.
The vulnerability affects both logical and physical Cisco interfaces running
a vulnerable version of the IOS that are configured for IPv6. The vulnerability is
also exploited even if IPv6 is not running globally.
“A router that has IPv6 enabled on a physical or logical interface is
vulnerable to this issue even if IPv6 unicast routing is globally disabled,”
the Cisco advisory states.
BGP packet vulnerability,
like the MPLS and IPv6 vulnerabilities,is rooted in a
malformed packet issue. The malformed packets may not necessarily come from a
malicious source, according to Cisco’s advisory. Also, the bug may be
triggered by other means that are not considered remotely exploitable.
“Malformed packets may not come from malicious sources; a valid peering device
such as another BGP speaking router which produces the specific malformed packet
in error may trigger this behavior,” the advisory states.
The BGP flaw affects any unfixed version of the Cisco IOS (Including 9.x, 10.x, 11.x and 12.x)
running on a device configured for BGP routing running with a particular
command (bgp log-neighbor-changes).
Cisco has published workarounds and patches for all of the issues, and they’re
available via normal Cisco update channels.