Multiple Security Problems Are Annoying Cisco IOS

A couple of months ago, I informed you that Cisco IOS (originally Internetwork Operating System) has been invaded by cyber criminals. Certain software, used on a majority of Cisco System routers and existing Cisco network switches, has attracted the attention of malicious users once again. This time, they are villainously exploiting not only one but a number of vulnerabilities. One file related to Cisco IOS is cvirta.sys.xp.

Multiple security issues discovered in Cisco IOS can be exploited by vicious users with the purpose of obtaining access to sensitive information, bypass security restrictions, or create a denial of service condition. Can you guess the number of vulnerabilities? Unfortunately, it's not two or three of them. The actual number is eight vulnerabilities. Yes, it sounds awful. Affected products are Cisco IOS 12.x and Cisco IOS XE 2.x. Cisco IOS support Windows 2000/XP/Vista. Some files related to Windows 2000 include: ockodak.dll, dnsmgr.dll and aciniupd.exe.

Let me introduce you to all of these vulnerabilities successively. The first security issue is created by an error in the Network Time Protocol (NTP) version (v4) protocol while dealing with malformed packets, which could result in an affected device reloading. The second security issue is produced by an error in the Zone-Based Policy Firewall SIP inspection feature, while handling a SIP transit packet, which could lead to the reloading of a vulnerable device.

The third security flaw is generated by an error while handling a malicious TCP packet on TCP port 443 (SSLVPN) or TCP port 22 (SSH), which could make an affected device reload. The fourth security problem is produced by an error in the Session Initiation Protocol (SIP) implementation while handling malicious SIP messages, which could be exploited to create a denial of service condition against a device with the Unified Border Element feature allowed. The fifth vulnerability is created by an error in the H.323 implementation when processing malformed packets, which could cause a denial of service.

The sixth flaw is produced by an error within the Object Groups for Access Control Lists (ACLs) feature, which could enable an unauthenticated attacker to bypass access control policies and obtain unauthorized access to resources that should be secured. The seventh issue is made by errors when a device is created for GRE, IPinIP, Generic Packet Tunneling in IPv6 or IPv6 over IP tunnels and Cisco Express Forwarding, which could result in the device reloading upon switching malicious packets.

The last security issue is created by an error in the Internet Key Exchange (IKE) protocol and certificate based authentication method, which could lead to the allocation of all available Phase 1 security associations (SA) and prevent the establishment of new IPsec sessions. The solution for all the security issues is to upgrade to the appropriate fixed versions.