Cisco IOS IPv4 Interface Blocking Denial of Service
Date:
July 17, 2003
Severity:
High
Systems Affected:
This vulnerability affects all Cisco devices running a vulnerable version of the Cisco IOS software. Please refer to the Cisco advisory link below for a list of vulnerable versions.
Overview:
This critical flaw allows an attacker to cause a Cisco device to stop responding to traffic by sending a special sequence of malformed IPv4 packets. This could amount to a denial-of-service attack against the entire network served by the Cisco device.
Cisco IOS is the operating system running on the majority of Cisco routers and switches. Cisco has a large market share (over 80%), and most devices are IPv4-enabled due to the lack of widespread IPv6 support. Entire networks often depend on Cisco devices to route traffic between segments of the network and the Internet. A denial-of-service attack against an affected Cisco device would prevent traffic from flowing into or out of the network, and may ultimately cause the network to fail entirely.
Detection:
Retina Audits
Retina has been updated to check for the existence of this Cisco vulnerability. The related Retina vulnerability check is named "Cisco IOS IPv4 Input Queue Blocking Denial-of-Service". This check is available in Retina 4.9.102 and higher.
To learn more about other eEye Digital Security offerings, visit www.eEye.com.
Prevention:
Apply the software upgrade indicated in the following Cisco Security Advisory as appropriate for your versions of IOS:
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
This alert was last updated on July 17, 2003.
