Cisco Warns of IOS Vulnerabilities

The networking gear maker details a set of security flaws, ranked by researchers as moderately critical, in the intrusion prevention feature of its switch and router operating system.

Cisco Systems confirmed a set of vulnerabilities in the intrusion prevention feature built into the Internetwork Operating System used in many of its popular switches and routers.

According to a security warning published on the San Jose, Calif.-based companys Web site on Feb. 14, multiple vulnerabilities exist in the Cisco FWSM (Firewall Services Module), which can be exploited when the on-board IPS (intrusion prevention system) is processing certain types of traffic.

The problems specifically occur when the system is handling HTTP (hypertext transfer protocol), secure HTTP, SIP (session initiation protocol and SNMP (simple network management protocol) data, Cisco said.

/zimages/1/28571.gifWhat does the U.S. cyber-security czar expect from the IT industry? Click here to read more.

The networking market leader cited seven specific FWSM flaws in the report, along with detailing an additional security feature vulnerability through which its devices ACLs (access control lists)could be corrupted.

The loopholes in affected versions of FWSM could allow hackers to remotely reboot hardware running on IOS, or carry out denial-of-service attacks, while the ACL issue could be used to push unauthorized traffic, such as malware attacks, through the devices.

In its security bulletin, Cisco noted that the vulnerabilities exist independently of each other, and the company said that products affected by one of the flaws may not necessarily be impacted by the others. The IPS feature is turned off by default, the company said.

However, Cisco indicated in its report that the issues are present in all of the 3.0 versions of its Firewall Services Module prior to Release 3.1, with two of the problems also lurking in all 2.0 versions of the product, prior to Version 2.3, including the ACL issue.

The vulnerabilities, for which Cisco has already issued a patch and several workarounds, are present in more than 25 versions of IOS, specifically in the 12.3 and 12.4 releases of the operating system.

Among the specific devices affected by the vulnerabilities are Ciscos PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, according to the company.

Researchers with security software maker Secunia, based in Copenhagen, Denmark, rated the Cisco IOS flaws as "moderately critical," the firms third most-severe vulnerability ranking.

The new batch of IOS vulnerabilities marks only the latest in a series of weak points recently isolated on the operating system. On Jan. 25, Cisco reported three additional problems in IOS that could be used by attackers to interrupt service of devices running on the software, or run malware programs on affected equipment.

Cisco has already made patches available for all known vulnerabilities in IOS.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.