Sysadmins can get themselves ready for a busy Cisco “patch Thursday”, after the Borg lobbed six patches out the door to deal with a range of denial-of-service (DoS) vulnerabilities in IOS.
The vulnerabilities – see here for a single list – are all scored a CVS base score better than 7 as being remotely exploitable without authentication. Most boil down to how various bits of IOS handle (or don’t handle) malformed packets.
Taking them one-by-one:
- SIP DoS in IOS – Some SIP messages, even though they’d be considered “well-formed”, can trigger a device reload. IOS XE Software release 3.10.0S and 3.10.1S are affected and a fix is available.
- Key exchange module – the Internet Key Exchange module, IKEv2, can be crashed with a malformed packet. Customers are advised to upgrade to a non-vulnerable version of IOS XE.
- IOS NAT – Malformed DNS packets can crash the NAT in various IOS versions. Fixed versions are available.
- IOS SSL VPNs – the SSL subsystem in IOS is vulnerable to crafted HTML requests “designed to consume memory to an affected device”. Various IOS 15.1, 15.2, 15.3 and 15.4 releases are affected, with fixes available.
- IOS and IOS XE IPv6 stack – can be crashed with crafted IPv6 packets, with fixes available.
- 7600 Switch Processor with 10 Gbps Ethernet uplinks – crafted IP packets can crash the Kailash FPGA in versions prior to 2.6, with fixes available.
Happy network patch day, network admins!®