
Cisco fixes denial-of-service flaws in IOS software for networking devices

Lucian Constantin | March 28, 2014
Seven vulnerabilities that could lead to device reboots and other performance issues were patched in various IOS components

A sixth vulnerability was found in the Session Initiation Protocol (SIP) implementation in Cisco IOS and Cisco IOS XE. SIP is widely used for establishing multimedia communications like voice and video calls over the Internet.

The vulnerability only affects devices configured to process SIP messages and running Cisco IOS 15.3(3)M and 15.3(3)M1 or Cisco IOS XE 3.10.0S and 3.10.1S1, Cisco said in an advisory. The vulnerability was addressed in Cisco IOS 15.3(3)M2 and Cisco IOS XE 3.10.2S.

The last denial-of-service vulnerability patched Wednesday affects only IOS software running on the RSP720-3C-10GE and RSP720-3CXL-10GE models of the Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks.

The vulnerability is due to an issue with the device's onboard Kailash FPGA versions prior to 2.6, Cisco said in an advisory. "An attacker could exploit this vulnerability by sending crafted IP packets to or through the affected device. An exploit could allow the attacker to cause the route processor to no longer forward traffic or reboot."

The advisory contains a table with the IOS software versions that are vulnerable and the corresponding patched releases. The Cisco IOS XE and IOS XR software is not affected by this vulnerability.

