Cisco released its semi-annual IOS software security advisory bundled publication as part of its bi-annual patch release last week. This IOS patch update includes nine security advisories which cover a total of 13 vulnerabilities, 12 of which are DoS vulnerabilities. The last major IOS patch was released by Cisco in September 2011.These advisories address vulnerabilities in different components of Cisco’s IOS framework, with all the vulnerabilities scoring a CVSS base score between 7.1 and 8.5. The highest scored vulnerability at 8.5 is a command authorization bypass bug in IOS, which may allow arbitrary command execution from a remote application or device while using authentication, authorization and accounting (AAA) authorization.
Cisco IOS Software Zone-Based Firewall suffers from four DoS vulnerabilities that have been patched. All four have a CVSS score of 7.8, and involve the H.323 inspection engine (firewall HTTP inspection engine), a crafted IP packets based bug, and a session initiation protocol engine issue.
Other DoS vulnerabilities are present in in the following IOS software components:
- IOS’s Software Network Address Translation
- IOS’s Software Internet Key Exchange
- IOS’s Multicast Source Discovery Protocol (MSDP) handling
- IOS’s Smart Install feature
- IOS and IOS XE Secure Shell (SSH) server implementation
- IOS and IOS XE Software RSVP bug on devices configured with VRF (VPN routing and forwarding) instances
- Multiple vulnerabilities in Cisco IOS Software Traffic Optimization Features.
The consolidated advisory is available here. Cisco’s IOS software checker tool can be used to check if a particular IOS software release is vulnerable. This tool does not support IOS XE and interim builds of the IOS platform.