SANS ISC: Cisco is back, so you can go read up on their new advisories (<--- See! English) - Internet Security | DShield SANS ISC InfoSec Forums



Here they are:

1: Cisco Security Advisory: Cisco IOS Secure Copy Authorization Bypass Vulnerability
2: Cisco Security Advisory: Cisco IOS Next Hop Resolution Protocol Vulnerability
3: Cisco Security Advisory: Cisco IOS Information Leakage Using IPv6 Routing Header
4: Cisco Security Advisory: Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager

Issue 1:
IOS has the capability to act as an SCP server (through the addition of the IOS Secure Copy Server service).  There is a flaw in this service that allows any valid user to access any file on the Cisco device (including device configuration files).

Issue 2:
There is an issue with Cisco's implementation of the Next Hop Resolution Protocol (NHRP) that could potentially cause a device restart or (possibly) code execution on the device.  The issue affects NHRP running at all layers (Layer 2, GRE / mGRE, or at the IP layer).

Issue 3:
Specially crafted IPv6 packets with a type 0 routing header can cause information leakage or a crash of the affected IOS or IOS XR devices. 

Issue 4:
There are vulnerabilities in multiple voice-related protocols [Session Initiation Protocol (SIP), Media Gateway Control Protocol (MGCP), signaling protocols H.323 and H.254, Real-time Transport Protocol (RTP), and facsimile reception]. These issues affect IOS (if voice services are enabled), and one (SIP-related) is found in Cisco Unified Communications Manager.

Mitigating issues:

1: Not much... user needs a login, but after that, it's pretty much game-over.
2: Layer 2 only... attacker needs to be on the same link
3: Only the IPv6 subsystem crashes... IPv4 appears (from the advisory) to still function
4: Uh... not much... patch this 'un now.. The others can potentially wait for testing, this one can't.

If you're doing VoIP stuff w/Cisco hardware, then Issue #4 is a definite must-do... other than that, prioritizing these is difficult because they all are very "configuration-centric."  Sorry...

Tom

ISC Handler
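
Since the diary calls prioritization "configuration-centric", a first triage step is to check which of the four features a device actually has configured. The script below is an added example, not from the diary or from Cisco; its config-line patterns are assumed indicators that a feature is configured (not the advisories' affected-configuration criteria), and the sample config is constructed.

```python
import re

# Assumed indicators that a feature named in the diary is configured on a device.
# These are NOT the advisories' own affected-configuration tests; confirm against
# the advisory text and the running IOS version before deciding anything.
INDICATORS = {
    1: ("IOS Secure Copy Server", [r"^ip scp server enable\b"]),
    2: ("NHRP", [r"^\s+ip nhrp\b"]),
    3: ("IPv6", [r"^ipv6 unicast-routing\b", r"^\s+ipv6 (address|enable)\b"]),
    4: ("Voice services", [r"^dial-peer voice\b", r"^voice service\b",
                           r"^sip-ua\b", r"^mgcp(\s+call-agent\b|\s*$)"]),
}

def triage(config_text):
    """Return {issue_number: [matching config lines]} for features in use."""
    hits = {}
    for line in config_text.splitlines():
        if line.lstrip().startswith("!"):  # IOS comment / separator line
            continue
        for issue, (_name, patterns) in INDICATORS.items():
            if any(re.search(p, line) for p in patterns):
                hits.setdefault(issue, []).append(line.strip())
    return hits

def patch_order(hits):
    """Issue 4 first, as the diary advises, then the rest in numeric order."""
    return sorted(hits, key=lambda issue: (issue != 4, issue))

# Constructed sample running-config (hostname and addresses are made up).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ip scp server enable
ipv6 unicast-routing
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 ip nhrp network-id 1
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no ipv6 address
!
"""

if __name__ == "__main__":
    found = triage(SAMPLE_CONFIG)
    for issue in patch_order(found):
        print(f"Issue {issue} ({INDICATORS[issue][0]}): {found[issue]}")
```
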
