Cisco Systems Inc. warns that software upgrades will be necessary to correct a problem in several models of its network devices.
Without these upgrades, it's possible to cause a denial of service on devices locally; a remote attack is also possible but unlikely.
The vulnerability, which exists in Cisco 6000, 6500 and 7600 series network devices with Multilayer Switch Feature Card 2 (MSFC2), stems from how they handle certain frames. In the Open Systems Interconnection (OSI) model, layer 2 represents data link frames and layer 3 represents network packets. Layer 2 frames encapsulate a protocol-independent layer 3 packet.
However, it's possible to create a layer 2 frame whose length is inconsistent with the length of the encapsulated layer 3 packet. The software doesn't handle this situation properly, causing the device to freeze or reset, resulting in a denial of service.
Usually, this is only possible locally, since a router or firewall will normally prevent malicious packets from being transmitted. However, it might be possible to exploit this remotely, in the unlikely situation in which the special layer 2 frames pass through intermediate devices without being clipped.
The problem occurs in systems with a FlexWAN module or OSM module, and in systems running IOS 12.1(8b)E14. There's no workaround, only the software upgrade.
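The length inconsistency described above can be checked for on captured traffic. The following is an added example, not code from Cisco or from this article; it assumes untagged Ethernet II frames carrying IPv4 with the FCS already stripped, flags a mismatch in either direction because the article does not say which one matters, and uses constructed sample frames and hypothetical function names.

```python
import struct

ETH_HDR = 14           # dst MAC (6) + src MAC (6) + EtherType (2)
ETH_MIN_PAYLOAD = 46   # shorter payloads are zero-padded on the wire
ETHERTYPE_IPV4 = 0x0800


def check_frame(frame: bytes) -> str:
    """Classify an Ethernet II frame by layer 2 / layer 3 length consistency."""
    if len(frame) < ETH_HDR:
        return "runt"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:   # 802.1Q tags and other protocols not handled
        return "not-ipv4"
    payload = frame[ETH_HDR:]
    if len(payload) < 20:
        return "l3-truncated"
    version, ihl = payload[0] >> 4, (payload[0] & 0x0F) * 4
    total_len = struct.unpack("!H", payload[2:4])[0]
    if version != 4 or ihl < 20 or total_len < ihl:
        return "bad-ip-header"
    if total_len > len(payload):
        return "l3-longer-than-l2"    # IP header claims more bytes than the frame holds
    # Trailing bytes are legitimate only as padding up to the Ethernet minimum.
    if len(payload) > max(total_len, ETH_MIN_PAYLOAD):
        return "l2-longer-than-l3"
    return "consistent"


def sample_frame(total_len: int, payload_len: int) -> bytes:
    """Constructed test input: zeroed addresses, minimal IPv4 header, zero body."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 17, 0,
                     bytes(4), bytes(4))
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip.ljust(payload_len, b"\x00")[:payload_len]


if __name__ == "__main__":
    cases = {
        "small packet, padded to minimum": sample_frame(28, 46),
        "lengths agree": sample_frame(100, 100),
        "IP length exceeds frame": sample_frame(200, 100),
        "frame exceeds IP length": sample_frame(40, 120),
    }
    for name, frame in cases.items():
        print(f"{name}: {check_frame(frame)}")
```
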