Cisco devices vulnerable to frame-based attacks

Edmund X. DeJesus, Contributor

Cisco Systems Inc. warns that software upgrades will be necessary to correct a problem in several models of its network devices.

Without these upgrades, it's possible to cause a denial of service on devices locally; a remote attack is also possible but unlikely.

The vulnerability, which exists in Cisco 6000, 6500 and 7600 series network devices with Multilayer Switch Feature Card 2 (MSFC2), stems from how they handle certain frames. In the Open Systems Interconnection (OSI) model, layer 2 represents data link frames and layer 3 represents network packets. Layer 2 frames encapsulate a protocol-independent layer 3 packet.

However, it's possible to create a layer 2 frame whose length is inconsistent with the length of the encapsulated layer 3 packet. The software doesn't handle this situation properly, causing the device to freeze or reset, resulting in a denial of service.
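The length consistency check that a monitoring or filtering point can apply to captured frames is sketched below. This is an added example, not Cisco's code or fix; it assumes Ethernet II frames with the FCS already stripped and an IPv4 payload (the article names neither the protocol nor the direction of the mismatch), and the sample frames are constructed.

```python
import struct

ETH_HDR = 14             # dst MAC + src MAC + EtherType
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100
MIN_FRAME = 60           # minimum Ethernet frame without FCS; shorter payloads are padded

def check_frame(frame: bytes) -> str:
    """Classify one Ethernet II frame (no FCS) by layer 2 / layer 3 length consistency."""
    if len(frame) < ETH_HDR:
        return "truncated-l2"
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset = ETH_HDR
    if ethertype == ETHERTYPE_VLAN:          # skip a single 802.1Q tag
        if len(frame) < offset + 4:
            return "truncated-l2"
        ethertype = struct.unpack_from("!H", frame, 16)[0]
        offset += 4
    if ethertype != ETHERTYPE_IPV4:
        return "not-ipv4"
    payload = frame[offset:]
    if len(payload) < 20:
        return "truncated-l3"
    ver_ihl, _tos, total_len = struct.unpack_from("!BBH", payload, 0)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        return "bad-ip-header"
    if total_len > len(payload):
        return "l3-longer-than-l2"           # IP header claims more bytes than the frame carries
    # Trailing bytes are expected only as padding up to the minimum frame size.
    if len(payload) > total_len and len(frame) > MIN_FRAME:
        return "l2-longer-than-l3"
    return "consistent"

def sample_frame(ip_total_len: int, l2_payload_len: int) -> bytes:
    """Constructed test input: zeroed MACs, minimal IPv4 header, zero-filled body."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBH", 0x45, 0, ip_total_len) + bytes(16)
    return eth + ip + bytes(l2_payload_len - 20)

if __name__ == "__main__":
    for total_len, l2_len in [(100, 100), (1500, 100), (40, 200), (28, 46)]:
        print(total_len, l2_len, check_frame(sample_frame(total_len, l2_len)))
```

Frames classified as `l3-longer-than-l2` or `l2-longer-than-l3` are the ones worth logging or dropping at a boundary device.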

Usually, this is only possible locally, since a router or firewall will normally prevent malicious packets from being transmitted. However, it might be possible to exploit this remotely, in the unlikely situation in which the special layer 2 frames pass through intermediate devices without being clipped.

The problem occurs in systems with a FlexWAN module or OSM module, and in systems running IOS 12.1(8b)E14. There's no workaround, only the software upgrade.


Click here for Cisco advisory.

Click here for Cisco upgrade download.
