Published: 2007-08-08
Last Updated: 2007-08-08 22:19:56 UTC
by Tom Liston (Version: 1)

Here they are:

1: Cisco Security Advisory: Cisco IOS Secure Copy Authorization Bypass Vulnerability
2: Cisco Security Advisory: Cisco IOS Next Hop Resolution Protocol Vulnerability
3: Cisco Security Advisory: Cisco IOS Information Leakage Using IPv6 Routing Header
4: Cisco Security Advisory: Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager

Issue 1:
IOS has the capability to act as an SCP server (through the addition of the IOS Secure Copy Server service).  There is a flaw in this service that allows any valid user to access any file on the Cisco device (including device configuration files).

Issue 2:
There is an issue with Cisco's implementation of the Next Hop Resolution Protocol (NHRP) that could potentially cause a device restart or (possibly) code execution on the device.  The issue affects NHRP running at all layers (Layer 2, GRE / mGRE, or at the IP layer).

Issue 3:
Specially crafted IPv6 packets with a type 0 routing header can cause information leakage or a crash of the affected IOS or IOS XR devices. 

Issue 4:
There are voice-related vulnerabilities in multiple protocols [Session Initiation Protocol (SIP), Media Gateway Control Protocol (MGCP), Signaling protocols H.323, H.254, Real-time Transport Protocol (RTP), and Facsimile reception]. These issues affect IOS (if voice services are enabled), and one of them (SIP-related) is found in Cisco Unified Communications Manager.

Mitigating factors:

1: Not much... user needs a login, but after that, it's pretty much game-over.
2: Layer 2 only... attacker needs to be on the same link
3: Only the IPv6 subsystem crashes... IPv4 appears (from the advisory) to still function
4: Uh... not much... patch this 'un now... The others can potentially wait for testing; this one can't.

If you're doing VoIP stuff w/Cisco hardware, then Issue #4 is a definite must-do... other than that, prioritizing these is difficult because they all are very "configuration-centric."  Sorry...

