Cisco has warned that some of its switches and routers are vulnerable to Denial of Service (DOS) attacks, even if configured properly.
Some Cisco devices running IOS Version 12.2S that have Dynamic Host Configuration Protocol (DHCP) server or relay agent enabled are vulnerable to DOS attacks when sent specially crafted DHCP packets. Even if the DHCP service or DHCP relay service is not enabled, the router or switch may be vulnerable, Cisco warned.
The vulnerability is caused by a flaw in the way in which the router and switch software handles DHCP packets. According to a Cisco advisory, if irregular DHCP packets are sent designed to attack the device, the packets "will remain in the queue instead of being dropped. If a number of packets are sent that equal the size of the input queue, no more traffic will be accepted on that interface." That means that the device will no longer function, and will not perform routing or switching functions.
The following devices are affected, if they are running a branch of IOS version 12.2S:
Making the jump from outdated legacy technology to a more modern digital infrastructure will allow businesses to innovate at the speed and scale needed in today’s marketplace.
The business world is speeding up. The longer IT leaders wait to get their needs met, the more at risk their businesses and their jobs will be.
By arming SD-WAN networks with end-to-end intelligence, analytics-driven predictions, and predictive automation solutions, IT teams can simplify infrastructure management and assure higher levels of quality experiences for users.
