
Cisco issues security fixes for 16 vulnerabilities in its IOS software


June 15, 2015


Cisco said this morning that it has issued a slew of new security patches for no fewer than sixteen vulnerabilities, including a patch for a possible remote code execution flaw in its IOS and IOS XE routing software.

To be sure, the security fixes address numerous security conditions caused by faulty packets.

One security issue, rated severity 8.3, allows attackers to gain remote code execution in IOS XE: a crafted packet can cause malicious code to run on the affected Cisco routers.

Worse, attackers could also send crafted packets to trigger distributed denial of service (DDoS) attacks.

"A security vulnerability in the AppNav component of Cisco IOS XE Software could also allow an unauthenticated, remote attacker to cause an affected device to reload and may allow arbitrary code execution on the affected system," Cisco said in its security advisory.

"The vulnerabilities are due to improper processing of crafted TCP packets. An attacker could exploit this issue by sending a crafted TCP packet that needs to be processed by the AppNav component configured on an affected device," Cisco said.

"An exploit could allow the attacker to cause an affected device to reload or execute arbitrary code in the forwarding engine," the company added.

Another patch addresses security holes that allow attackers to spoof Autonomic Networking Registration Authority (ANRA) responses thanks to lax message validation in the IOS software.

"A successful exploit could allow an attacker to bootstrap a device into an untrusted autonomic domain, gaining limited command and control of the ANRA node, causing a denial of service condition and disrupting access to the legitimate autonomic domain," Cisco added.

Further vulnerabilities bundled into that security advisory lead to denial of service conditions.

This occurs because the IPv6 extension headers involved are not typical of normal operation. There are no workarounds for the security flaw, meaning that affected systems will require the patch.

"A security vulnerability in IP version 6's processing code for Cisco IOS XR Software (Carrier Routing System) could allow an unauthenticated, remote attacker to trigger an ASIC scan of the Network Processor Unit and a reload of the line card processing an IPv6 packet," Cisco said in the advisory.

The vulnerability is due to incorrect processing of an IPv6 packet carrying IPv6 extension headers that are valid but unlikely to be seen during normal operation.

An attacker could exploit this vulnerability by sending such an IPv6 packet to an affected device that is configured to process IPv6 traffic.

That exploit can cause a reload of the line card triggering repeated denial of service through transit traffic or data destined for the device.
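
The advisory text quoted here does not say which extension headers are involved, so the following added example (not from Cisco or from the original article) only shows how a defender can enumerate the extension header chain of IPv6 packets and count which chains actually occur on a network. The packet bytes, addresses and function names are constructed for illustration.

```python
import struct
from collections import Counter

# Extension headers with a generic, walkable layout (RFC 8200, RFC 4302).
EXT_HEADERS = {0: "hop-by-hop", 43: "routing", 44: "fragment",
               51: "auth", 60: "dest-opts"}

def ext_header_chain(packet: bytes):
    """Return (extension header names in order, upper-layer protocol number)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, offset, chain = packet[6], 40, []
    while next_hdr in EXT_HEADERS:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, len_field = packet[offset], packet[offset + 1]
        if next_hdr == 44:                      # fragment header: fixed 8 bytes
            size = 8
        elif next_hdr == 51:                    # AH length: 4-byte units, minus 2
            size = (len_field + 2) * 4
        else:                                   # others: 8-byte units, minus 1
            size = (len_field + 1) * 8
        if offset + size > len(packet):
            raise ValueError("extension header overruns packet")
        chain.append(EXT_HEADERS[next_hdr])
        if next_hdr == 44 and struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
            return tuple(chain), following      # non-first fragment: stop here
        next_hdr, offset = following, offset + size
    return tuple(chain), next_hdr

def summarize(packets):
    """Count packets per extension header chain; unparsable ones as 'malformed'."""
    counts = Counter()
    for pkt in packets:
        try:
            counts[ext_header_chain(pkt)[0] or ("none",)] += 1
        except ValueError:
            counts[("malformed",)] += 1
    return counts

def _ipv6(next_hdr, payload):
    """Build a constructed sample packet: ::1 -> ::2, hop limit 64."""
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64)
    return fixed + bytes(15) + b"\x01" + bytes(15) + b"\x02" + payload

PADN = b"\x01\x04\x00\x00\x00\x00"              # PadN option filling 6 bytes
SAMPLES = [                                     # constructed, not captured traffic
    _ipv6(6, bytes(20)),                                                  # plain TCP
    _ipv6(0, bytes([60, 0]) + PADN + bytes([17, 0]) + PADN + bytes(8)),   # HBH, DO, UDP
    _ipv6(0, b"\x3c"),                                                    # truncated HBH
]
```

Running `summarize` over packets taken from a capture gives a baseline of the chains seen in normal operation, against which rare chains stand out.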

Affected Cisco IOS XR versions include 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, and 4.2.0. However, IOS XR Release 4.2.1 and later are not affected.

Source: Cisco.
