Cisco IOS gets fixes for 12 DoS bugs

Cisco released its semi-annual IOS software security advisory bundled publication as part of its bi-annual patch release last week. This IOS patch update includes nine security advisories which cover a total of 13 vulnerabilities, 12 of which are DoS vulnerabilities. The last major IOS patch was released by Cisco in September 2011.These advisories address vulnerabilities in different components of Cisco’s IOS framework, with all the vulnerabilities scoring a CVSS base score between 7.1 and 8.5. The highest scored vulnerability at 8.5 is a command authorization bypass bug in IOS, which may allow arbitrary command execution from a remote application or device while using authentication, authorization and accounting (AAA) authorization.

Download this free guide

UK IT Priorities 2018 survey results

Download this e-guide to discover the results of our 2018 UK IT Priorities survey, where IT leaders shared with us what they are going to be investing in over the coming 12 months.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Cisco IOS Software Zone-Based Firewall suffers from four DoS vulnerabilities that have been patched. All four have a CVSS score of 7.8, and involve the H.323 inspection engine (firewall HTTP inspection engine), a crafted IP packets based bug, and a session initiation protocol engine issue.

Other DoS vulnerabilities are present in in the following IOS software components:

• IOS’s Software Network Address Translation
• IOS’s  Software Internet Key Exchange
• IOS’s Multicast Source Discovery Protocol (MSDP) handling
• IOS’s Smart Install feature
• IOS and IOS XE Secure Shell (SSH) server implementation
• IOS and IOS XE Software RSVP bug on devices configured with VRF (VPN routing and forwarding) instances
• Multiple vulnerabilities in Cisco IOS Software Traffic Optimization Features.

The consolidated advisory is available here. Cisco’s IOS software checker tool can be used to check if a particular IOS software release is vulnerable. This tool does not support IOS XE and interim builds of the IOS platform.

Follow @SearchSecIN