Cisco splats router bug that can lead to persistent DoS

Cisco has patched a vulnerability that affects Cisco ASR 9000 Series Aggregation Services Routers and can be exploited by a remote, unauthenticated attacker to effectively mount a denial of service attack either by locking up the device or making it reload its network processor chip and line card.

The vulnerability, present in the packet-processing code of Cisco IOS XR Software, can be exploited by sending IPv4 packets through an affected device that is configured to route them via the bridge-group virtual interface (BVI) interface. IPv6 packets, or IPv4 packets directed to an affected device, will not trigger it.

Only Cisco ASR 9000 Series Routers with Typhoon-based line cards are affected by this vulnerability, and only if the device is configured to route traffic via the BVI and has Unicast Reverse Path Forwarding (uRPF), policy-based routing (PBR), quality of service (QoS), or access control lists (ACLs) configured.

Cisco has explained how to check for the existence of this conditions in a security advisory released on Wednesday, and notes that a software update is necessary to patch the hole (they provide it), as no workarounds or mitigations are currently available.

The good news is that the flaw is not currently exploited in the wild.

Also on Wednesday, the company has warned about a serious command execution vulnerability in a Cisco-signed Java Archive (JAR) executable Cache Cleaner component of Cisco Secure Desktop software.

“The Cache Cleaner feature has been deprecated since November 2012. Cisco Secure Desktop packages that include the affected .jar files have been removed and are no longer available for download,” the company noted, but added that “because Cisco does not control all existing Cisco Secure Desktop packages, customers are advised to ensure that their Java blacklist controls have been updated to avoid potential exploitation.”

“Because the attacker can exploit a vulnerability in the .jar file, which is signed by Cisco, this vulnerability can be exploited against any users and not just against consumers of Cisco Secure Desktop. Cisco has provided the SHA-1 hashes for the affected version of the .jar file that can be used to prevent the exploit via the Java Blacklist Jar feature,” they pointed out.




Share this