Cisco has eight separate vulnerabilities it patched in its internetwork operating system (IOS) infrastructure product.
Cisco’s Product Security Incident Response Team (PSIRT) released the advisories on the Security Intelligence Operations section of its website.
More than half of the advisories deal with denial of service (DoS) bugs that stem from the configuration of the software. The vulnerabilities involve the Network Time Protocol (NTP) feature, the virtual fragmentation reassembly (VFR) feature for IPv6, the network access translation (NAT) feature, the T1/E1 driver queue and the DCHP implementation of IOS. All could – under the right circumstances – allow an unauthenticated remote hacker to cause a denial of service (DoS) condition, either by sending maliciously crafted packets to the device or getting the device to reload without the users’ consent.
The other three vulnerabilities involve different components in the device.
One ties into IOS’ Zone-Based Firewall (ZBFW) functionality. The ZBFW incorrectly processes some types of HTTP packets when the device is “configured for either Cisco IOS Content Filtering or HTTP application layer gateway inspection.” All a hacker would have to do is send malicious HTTP packets through a device to exploit it.
The second involves a problem in IOS’ Internet Key Exchange (IKE) feature that could lead to a memory leak and device reload. Much like the ZBFW vuln, IKE incorrectly handles malformed IKE packets. Some specially crafted IKE packets could cause the software to not release allocated memory, in turn causing a memory leak.
There is also a wedge vulnerability in the Resource Reservation Protocol (RSVP) feature can allow a hacker to trigger an “interface queue wedge” on the affected device that can lead to loss of connectivity, loss of routing protocol and in some cases, a DoS condition. An interface queue wedge is more or less a vulnerability where packets end up received and queued by IOS but never removed from the queue, stifling the device and causing it to stop working.
While workarounds are available for three of the eight vulnerabilities, the NTP vulnerability, the wedge vulnerability and the T1/E1 vulnerability, Cisco released free software updates that remedy all of the IOS issues.
All of the updates are available on Cisco’s Security Advisories, Responses and Notices page and those deploying the updates should review their software before patching them to make sure their current configurations continue to get support.
Cisco IOS runs on millions of machines globally and is a group of routers, switches and functions that rely on the company’s networking system. It’s the second time this year Cisco released a large batch of patches for the product. The company also released seven patches for the software in March.