[Fair Use: For Educational and Research Purposes Only]

Cisco Router Software Glitch Opens Security Hole

By Ann Harrison

Computerworld, 06/29/00

A defect in several versions of Cisco's Internet Operating System (IOS) can cause the company's routers to crash when they are tested for vulnerabilities by security scanning software.

According to an advisory issued by Cisco Systems Inc. in San Jose, the defect can be exploited to produce a consistent denial-of-service attack. The vulnerability can only be exploited if the Telnet service is configured on the affected system and reachable from the attacker's computer.

Users running Cisco IOS software versions 11.3AA, 12.0(2) up to and including 12.0(6), and 12.0(7) are vulnerable with the exception of 12.0(7)S, 12.0(7)T and 12.0(7)XE.

The vulnerability affects Cisco AS5200, AS5300 and AS5800 series access servers and 7200 and 7500 series routers if they are running flawed software.

"Customers using the affected Cisco IOS software releases are urged to upgrade as soon as possible to later versions that are not vulnerable to this defect," read the advisory. Officials from the company weren't available for comment. The security advisory said customers without upgrade contracts could obtain free upgrades via the Cisco Technical Assistance Center.

Since not all affected software releases have been patched, the company is directing users to suggested workarounds also listed on the advisory. Cisco noted in the advisory that there have been no reports of a malicious exploitation of this vulnerability.

http://www.nwfusion.com/news/2000/0629ciscoglitch.html

-- (Dee360Degree@aol.com), June 29, 2000