Cisco IOS flaw prompts Symantec to raise threat level

By Bill Brenner, News Writer 08 Sep 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Cisco has issued a fix for a high-risk security hole in its Internetwork Operating System (IOS), which attackers could exploit to cause a denial of service or launch malicious code. Since IOS runs on the San Jose, Calif.-based networking giant's routers and switches -- a significant part of the Internet's infrastructure -- Cupertino, Calif.-based antivirus giant Symantec has raised its global threat index to Level 2.

"Given the recent attention to exploitation of vulnerabilities in Cisco's IOS it is possible that this issue will see attempts at exploit development in the near term," Symantec researchers wrote in an alert to its DeepSight Threat Management System customers.

More on Cisco's other IOS challenges: Security researcher causes furor by releasing flaw in Cisco Systems IOS   Cisco, Black Hat litigation comes to a close

In its advisory, Cisco said its IOS software "is vulnerable to a denial of service and potentially an arbitrary code execution attack when processing the user authentication credentials from an Authentication Proxy Telnet/FTP session. To exploit this vulnerability an attacker must first complete a TCP connection to the IOS device running affected software and receive an auth-proxy authentication prompt."

Devices running the following release trains of Cisco IOS are affected if Firewall Authentication Proxy for FTP and/or Telnet Sessions is configured and applied to an active interface:

• 12.2ZH and 12.2ZL based trains
• 12.3 based trains
• 12.3T based trains
• 12.4 based trains
• 12.4T based trains

"To determine the software running on a Cisco product, log in to the device and issue the show version command to display the system banner," Cisco said. "Cisco IOS software will identify itself as 'Internetwork Operating System Software' or simply 'IOS.' On the next line of output, the image name will be displayed between parentheses, followed by 'Version' and the Cisco IOS release name. Other Cisco devices will not have the show version command, or will give different output."

The advisory outlines fixes available to those who are affected.

Symantec's advisory offered the following suggestions:

• Block external access at the network boundary, unless service is required by external parties.
• Block external access to the device if possible. Only allow connections from trusted hosts and networks.
• Deploy network intrusion detection systems to monitor network traffic for malicious activity.
• Examine IDS logs regularly for signs of attempted exploitation.

Tags: Network Device Management,  Network Firewalls, Routers and Switches,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Device Management Researchers find thousands of flawed embedded devices Is there a way to block iPhone widgets that bypass Web filters? Will an application usage policy best control network bandwidth? What is the difference between static and dynamic network validation? How to manage network bandwidth with distributed ISP bandwidth DNSSEC deployments gain momentum since Kaminsky DNS bug Firewall rule management best practices What are best practices for fiber optic cable security? The requirements for being a PCI DSS-compliant service provider Enterprise UTM security: The best threat management solution? Network Firewalls, Routers and Switches Best Network Firewall Products What is the difference between static and dynamic network validation? Screencast: Smoothwall offers firewall defense in lean times New Cisco IOS bugs pose tempting targets, says Black Hat researcher How to implement virtual firewalls in a complex network infrastructure How to manage network bandwidth with distributed ISP bandwidth Firewall rule management best practices Should enterprises be running multiple firewalls? What are the disadvantages of proxy-based firewalls? IT pros find corporate firewall rules tough to navigate

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary OCSP  (SearchSecurity.com) trusted computing base  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary