Severity: Medium
21 May, 2007
Summary:
- These vulnerabilities affect: Cisco IOS 12.4 devices with SSH enabled
- How an attacker exploits them: By sending specially crafted SSH packets
- Impact: An attacker could repeatedly reboot your Cisco IOS device, keeping it offline for as long as he could sustain his attack
- What to do: Download and install the appropriate Cisco update as soon as possible
Exposure:
Cisco’s IOS software is the operating system that runs on most Cisco routers and switches. The IOS operating system provides network services for managing Cisco devices, and processes the network traffic passing through the device. IOS also ships with an optional SSH server that allows you to securely manage your IOS device via an encrypted Command Line Interface (CLI).
Today, Cisco released an advisory describing multiple vulnerabilities affecting the SSH server that runs on Cisco IOS devices. Cisco doesn’t describe these flaws in technical detail, but they admit that a remote attacker could exploit them to reboot your IOS device. By repeatedly exploiting these DoS vulnerabilities, an attacker could keep IOS devices, like your gateway router, offline for as long as he could sustain his attack.
One mitigating factor lowers the severity of these vulnerabilities: Cisco IOS does not enable the SSH server by default. Your Cisco IOS devices are only vulnerable to these flaws if you have manually enabled the SSH server. We assume that most Cisco administrators prefer to manage their IOS devices securely, and have enabled SSH for that very reason. Even if you haven’t enabled the SSH server, however, we still suggest you apply Cisco’s update to make sure you (or another staff member) cannot accidentally enable the vulnerable SSH server in the future.
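Because exposure hinges entirely on whether the SSH server has been enabled, the first thing to do on each IOS device is confirm its state. The quickest check is the IOS command `show ip ssh`, whose first line reads either `SSH Enabled - version ...` or `SSH Disabled - version ...`; the vty configuration in `show running-config` then tells you which lines accept SSH and whether an `access-class` limits the sources that can reach them. The script below is an added example written for this alert, not code from Cisco or WatchGuard. It parses constructed sample output of those two commands (the sample text is invented for illustration) and reports an enabled SSH server plus any vty line that accepts SSH without an access-class. Treating a vty line with no explicit `transport input` as "unknown" is a deliberate assumption, since the platform default varies.

```python
"""Audit Cisco IOS command output for an enabled SSH server (added example, not Cisco's or WatchGuard's code)."""
import re

# Constructed sample output of `show ip ssh`, one for each state the command reports.
SHOW_IP_SSH_ENABLED = (
    "SSH Enabled - version 2.0\n"
    "Authentication timeout: 120 secs; Authentication retries: 3\n"
)
SHOW_IP_SSH_DISABLED = (
    "SSH Disabled - version 1.99\n"
    "%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).\n"
)

# Constructed excerpt of `show running-config`; hostname, ACL number and line ranges are invented.
SAMPLE_CONFIG = """\
version 12.4
hostname edge-rtr
!
ip ssh time-out 60
ip ssh authentication-retries 3
ip ssh version 2
!
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
!
end
"""


def parse_show_ip_ssh(output):
    """Return (enabled, version) from the first line of `show ip ssh`."""
    m = re.match(r"SSH (Enabled|Disabled) - version (\S+)", output.strip())
    if not m:
        raise ValueError("unrecognised 'show ip ssh' output")
    return m.group(1) == "Enabled", m.group(2)


def parse_vty_lines(config):
    """Return one dict per `line vty` block: name, allowed transports, inbound access-class."""
    blocks = []
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("line vty"):
            current = {"name": line, "transports": None, "access_class": None}
            blocks.append(current)
            continue
        if current is None:
            continue
        if not line.startswith(" "):
            current = None          # any non-indented line ends the block
            continue
        words = line.split()
        if words[:2] == ["transport", "input"]:
            current["transports"] = set(words[2:])
        elif words[0] == "access-class" and len(words) > 1:
            current["access_class"] = words[1]
    return blocks


def vty_accepts_ssh(block):
    """True/False if the block sets `transport input`; None when it relies on the platform default."""
    if block["transports"] is None:
        return None                 # assumption: default is platform-specific, so report "unknown"
    return "all" in block["transports"] or "ssh" in block["transports"]


def audit(show_ip_ssh_output, running_config):
    """Combine both command outputs into a list of human-readable findings."""
    enabled, version = parse_show_ip_ssh(show_ip_ssh_output)
    findings = []
    if enabled:
        findings.append(f"SSH server enabled (version {version}): device is exposed until patched")
    for blk in parse_vty_lines(running_config):
        accepts = vty_accepts_ssh(blk)
        if accepts is None:
            findings.append(f"{blk['name']}: no explicit 'transport input'; check 'show line' for the default")
        elif accepts and blk["access_class"] is None:
            findings.append(f"{blk['name']}: accepts SSH from any source (no access-class)")
    return {"ssh_enabled": enabled, "version": version, "findings": findings}


if __name__ == "__main__":
    for finding in audit(SHOW_IP_SSH_ENABLED, SAMPLE_CONFIG)["findings"]:
        print(finding)
```

On the sample data the audit reports the SSH server as enabled and flags `line vty 5 15`, which accepts SSH (and Telnet) without an access-class, while `line vty 0 4` is left alone because ACL 10 restricts its sources. Restricting vty access to your management hosts narrows who can send packets to the SSH server, but it is not a substitute for Cisco's fix.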
Solution Path:
Cisco has released patches to fix these vulnerabilities. If you use any Cisco device running IOS 12.4 software, you should immediately consult the "Software Versions and Fixes" and "Obtaining Fixed Software" sections of Cisco's advisory to learn which fixes apply to your devices, and how to obtain them.
For All WatchGuard Users:
Since these vulnerabilities affect your router, which typically sits in front of your WatchGuard firewall and therefore outside the traffic it filters, Cisco's patches are the best solution.
Status:
Cisco has issued patches which fix the problem.