Exploit code lurks for Cisco flaw

The Cisco IOS flaw became more dangerous over the weekend as the code to exploit it was posted on public mailing lists.

Code that exploits a recently revealed flaw in Cisco's router operating system is publicly available, so now it's up to network administrators to patch their systems or face attack.

There have been isolated reports over the weekend of attackers trying to exploit the vulnerability, which lies in the way Cisco's network operating system, IOS, processes IP version 4 (IPv4) packets. More than 100 of Cisco's products are susceptible, including routers and switches.

ISPs are taking the flaw seriously and are patching their systems. "We have not seen the huge blackouts that would have occurred if they hadn't started to address the issue," said Dave Cole, director of products at Foundstone Inc., Mission Viejo, Calif. "The urgency to patch systems has certainly increased because the exploit is now available."

The Computer Emergency Response Team at Carnegie Mellon University in Pittsburgh has issued an advisory because the exploit code was posted to some Internet mailing lists. Symantec and Internet Security Systems have both raised their threat levels for the vulnerability because of the code's release.

In general, the release of exploit code increases the danger of vulnerabilities as it allows people with limited technical savvy to take advantage of the flaws. Instead of having to write the precise packets needed to attack the flaw, a would-be attacker would only have to cut and paste the information from the Internet. In the case of the Cisco vulnerability, exploiting it would trigger a denial-of-service attack that could shut down Web sites and network access points.

Exploiting the vulnerability requires sending some specially crafted IPv4 packets to affected systems. The packets would trick the systems into thinking they are full. The routers and switches would then stop processing traffic, which would render Web servers and other network-dependent systems inaccessible.

The release of the exploit code wasn't surprising given the fact that advisories give would-be attackers the information they need to create the code, Cole said. "The real question is whether people would have enough time to perform upgrades to their systems."

FOR MORE INFORMATION: news exclusive: "Fix for Cisco flaw will be tricky"

Cisco's security bulletin (including the patch)
