Cisco IOS flaw prompts Symantec to raise threat level

Bill Brenner

Cisco has issued a fix for a high-risk security hole in its Internetwork Operating System (IOS), which attackers could exploit to cause a denial of service or launch malicious code. Since IOS runs on the San Jose, Calif.-based networking giant's routers and switches -- a significant part of the Internet's infrastructure -- Cupertino, Calif.-based antivirus giant Symantec has raised its global threat index to Level 2.

"Given the recent attention to exploitation of vulnerabilities in Cisco's IOS it is possible that this issue will see attempts at exploit development in the near term," Symantec researchers wrote in an alert to its DeepSight Threat Management System customers.


In its advisory, Cisco said its IOS software "is vulnerable to a denial of service and potentially an arbitrary code execution attack when processing the user authentication credentials from an Authentication Proxy Telnet/FTP session. To exploit this vulnerability an attacker must first complete a TCP connection to the IOS device running affected software and receive an auth-proxy authentication prompt."

Devices running the following release trains of Cisco IOS are affected if Firewall Authentication Proxy for FTP and/or Telnet Sessions is configured and applied to an active interface:

  • 12.2ZH and 12.2ZL based trains
  • 12.3 based trains
  • 12.3T based trains
  • 12.4 based trains
  • 12.4T based trains

"To determine the software running on a Cisco product, log in to the device and issue the show version command to display the system banner," Cisco said. "Cisco IOS software will identify itself as 'Internetwork Operating System Software' or simply 'IOS.' On the next line of output, the image name will be displayed between parentheses, followed by 'Version' and the Cisco IOS release name. Other Cisco devices will not have the show version command, or will give different output."
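The check described above can be scripted across saved `show version` output. The following is an added example, not code from Cisco's or Symantec's advisories: it extracts the image name and release as the quoted text describes and maps the release to the affected trains listed in this article. The sample output is constructed, the function names are hypothetical, and the script does not check whether Authentication Proxy is configured or whether a given release already contains the fix.

```python
import re

# Matches "(IMAGE-NAME), Version 12.3(14)T2": image in parentheses, then 'Version'
# and the release name, as the quoted Cisco text describes.
VERSION_RE = re.compile(
    r"\((?P<image>[^()]+)\),\s+Version\s+(?P<base>\d+\.\d+)"
    r"\((?P<maint>\d+[a-z]?)\)(?P<train>[A-Z]*)(?P<rebuild>\d*[a-z]?)"
)
BANNERS = ("Internetwork Operating System Software", "IOS")


def parse_show_version(output):
    """Return image, release, base and train letters, or None if not IOS output."""
    prev = ""
    for line in output.splitlines():
        # The banner is on the version line itself or on the line before it.
        is_ios = any(tag in text for text in (prev, line) for tag in BANNERS)
        m = VERSION_RE.search(line)
        if is_ios and m:
            release = "{base}({maint}){train}{rebuild}".format(**m.groupdict())
            return {"image": m["image"], "release": release,
                    "base": m["base"], "train": m["train"]}
        prev = line
    return None


def affected_train(info):
    """Map a parsed release to an entry in the article's affected list, or None."""
    if info["base"] == "12.2" and info["train"] in ("ZH", "ZL"):
        return "12.2" + info["train"] + " based"
    # Assumption: every 12.3 / 12.4 release, whatever its train letters,
    # belongs to a 12.3/12.3T or 12.4/12.4T based train.
    if info["base"] in ("12.3", "12.4"):
        return "{0} or {0}T based".format(info["base"])
    return None


# Constructed sample output, not captured from a real device.
SAMPLE = """Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK9O3S-M), Version 12.3(14)T2, RELEASE SOFTWARE (fc1)
"""

if __name__ == "__main__":
    info = parse_show_version(SAMPLE)
    print(info["release"], "->", affected_train(info) or "not in a listed train")
```

A match only means the release belongs to a listed train; the fixed releases are in Cisco's advisory, not in this article.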

The advisory outlines fixes available to those who are affected.

Symantec's advisory offered the following suggestions:

  • Block external access at the network boundary, unless service is required by external parties.
  • Block external access to the device if possible. Only allow connections from trusted hosts and networks.
  • Deploy network intrusion detection systems to monitor network traffic for malicious activity.
  • Examine IDS logs regularly for signs of attempted exploitation.
