Cisco IOS flaw prompts Symantec to raise threat level


Cisco has issued a fix for a high-risk security hole in its Internetwork Operating System (IOS), which attackers could exploit to cause a denial of service or launch malicious code. Since IOS runs on the San Jose, Calif.-based networking giant's routers and switches -- a significant part of the Internet's infrastructure -- Cupertino, Calif.-based antivirus giant Symantec has raised its global threat index to Level 2.

"Given the recent attention to exploitation of vulnerabilities in Cisco's IOS it is possible that this issue will see attempts at exploit development in the near term," Symantec researchers wrote in an alert to its DeepSight Threat Management System customers.

More on Cisco's other IOS challenges:

  • Security researcher causes furor by releasing flaw in Cisco Systems IOS
  • Cisco, Black Hat litigation comes to a close

In its advisory, Cisco said its IOS software "is vulnerable to a denial of service and potentially an arbitrary code execution attack when processing the user authentication credentials from an Authentication Proxy Telnet/FTP session. To exploit this vulnerability an attacker must first complete a TCP connection to the IOS device running affected software and receive an auth-proxy authentication prompt."

Devices running the following release trains of Cisco IOS are affected if Firewall Authentication Proxy for FTP and/or Telnet Sessions is configured and applied to an active interface:

  • 12.2ZH and 12.2ZL based trains
  • 12.3 based trains
  • 12.3T based trains
  • 12.4 based trains
  • 12.4T based trains

"To determine the software running on a Cisco product, log in to the device and issue the show version command to display the system banner," Cisco said. "Cisco IOS software will identify itself as 'Internetwork Operating System Software' or simply 'IOS.' On the next line of output, the image name will be displayed between parentheses, followed by 'Version' and the Cisco IOS release name. Other Cisco devices will not have the show version command, or will give different output."
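The scoping check described above (release train plus auth-proxy applied to an active interface) can be scripted over saved device output. This is an added example, not code from Cisco, Symantec or the article. It assumes the usual IOS configuration lines "ip auth-proxy name NAME ftp|telnet" and a per-interface "ip auth-proxy NAME", treats every 12.3x and 12.4x train as in scope, and treats "active" as "not administratively shut down"; it does not know which rebuilds are fixed, so an in-scope device still has to be compared with the advisory.

```python
import re

BANNER_RE = re.compile(r"\((?P<image>[^)]+)\),\s+Version\s+"
                       r"(?P<base>\d+\.\d+)\((?P<maint>\w+)\)(?P<train>[A-Z]*)(?P<rebuild>\d*)")

def parse_release(show_version):
    """Read '(IMAGE), Version 12.3(14)T2' from show version; None if not an IOS banner."""
    m = BANNER_RE.search(show_version)
    if m is None or not re.search(r"IOS|Internetwork Operating System", show_version):
        return None
    release = "{base}({maint}){train}{rebuild}".format(**m.groupdict())
    return m.group("image"), release, m.group("base"), m.group("train")

def train_in_scope(base, train):
    """Assumption: any 12.3x/12.4x train is '12.3/12.4 based'; for 12.2 only ZH and ZL."""
    return base in ("12.3", "12.4") or (base == "12.2" and train in ("ZH", "ZL"))

def auth_proxy_interfaces(running_config):
    """Interfaces that are not shut down and apply an FTP or Telnet auth-proxy rule."""
    rules = set(re.findall(r"^ip auth-proxy name (\S+) (?:ftp|telnet)\b", running_config, re.M))
    hits, iface, applied, shut = [], None, False, False
    for line in running_config.splitlines() + ["!"]:
        if not line.startswith(" "):  # any non-indented line closes the interface block
            if iface and applied and not shut:
                hits.append(iface)
            iface = line.split(None, 1)[1] if line.startswith("interface ") else None
            applied = shut = False
        elif iface:
            words = line.split()
            applied = applied or (words[:2] == ["ip", "auth-proxy"] and words[2:] == [w for w in words[2:] if w in rules] and len(words) == 3)
            shut = shut or words == ["shutdown"]
    return hits

def triage(show_version, running_config):
    """Return (verdict, release, interfaces) for one device's saved output."""
    parsed = parse_release(show_version)
    if parsed is None:
        return "not-ios", None, []
    _, release, base, train = parsed
    ifaces = auth_proxy_interfaces(running_config)
    verdict = "compare-with-advisory" if train_in_scope(base, train) and ifaces else "out-of-scope"
    return verdict, release, ifaces

# Constructed sample inputs (not captured from a real device).
SAMPLE_VERSION = ("Cisco Internetwork Operating System Software\n"
                  "IOS (tm) C2600 Software (C2600-IK9O3S-M), Version 12.3(14)T2, RELEASE SOFTWARE (fc1)\n")
SAMPLE_CONFIG = ("ip auth-proxy name EDGE_AUTH telnet\nip auth-proxy name WEB_AUTH http\n!\n"
                 "interface FastEthernet0/0\n ip auth-proxy EDGE_AUTH\n!\n"
                 "interface FastEthernet0/1\n ip auth-proxy EDGE_AUTH\n shutdown\n!\n"
                 "interface Serial0/0\n ip auth-proxy WEB_AUTH\n")
```

Calling triage(SAMPLE_VERSION, SAMPLE_CONFIG) flags only FastEthernet0/0: FastEthernet0/1 is shut down and Serial0/0 applies an HTTP-only rule.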

The advisory outlines fixes available to those who are affected.

Symantec's advisory offered the following suggestions:

  • Block external access at the network boundary, unless service is required by external parties.
  • Block external access to the device if possible. Only allow connections from trusted hosts and networks.
  • Deploy network intrusion detection systems to monitor network traffic for malicious activity.
  • Examine IDS logs regularly for signs of attempted exploitation.