Network Computing is part of the Informa Tech Division of Informa PLC

Cisco Warns Routers And Switches Are Vulnerable To Denial Of Service Attacks

Cisco has warned that some of its switches and routers are vulnerable to Denial of Service (DOS) attacks, even if configured properly.

Some Cisco devices running IOS Version 12.2S that have Dynamic Host Configuration Protocol (DHCP) server or relay agent enabled are vulnerable to DOS attacks when sent specially crafted DHCP packets. Even if the DHCP service or DHCP relay service is not enabled, the router or switch may be vulnerable, Cisco warned.

The vulnerability is caused by a flaw in the way the router and switch software handles DHCP packets. According to a Cisco advisory, if irregular DHCP packets designed to attack the device are sent, the packets "will remain in the queue instead of being dropped. If a number of packets are sent that equal the size of the input queue, no more traffic will be accepted on that interface." That means the device will no longer function and will not perform its routing or switching functions.
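The failure mode the advisory describes, an input queue that fills with packets that are never dropped, is visible on IOS in the per-interface "Input queue: size/max/drops/flushes" counter shown by `show interfaces`. The following is an added monitoring example written for this article; it is not code from Cisco or from the advisory. It assumes that IOS output format and parses a constructed sample to flag interfaces whose input queue is pinned at or near its maximum, which is the condition under which the interface stops accepting traffic.

```python
import re

# Constructed sample of Cisco IOS "show interfaces" output (not captured from a real
# device). The "Input queue: size/max/drops/flushes" line is where the advisory's
# failure mode shows up: wedged DHCP packets sit in the queue until size reaches max.
SAMPLE_SHOW_INTERFACES = """\
FastEthernet0/0 is up, line protocol is up
  Hardware is AmdFE, address is 0000.0c12.3456 (bia 0000.0c12.3456)
  Internet address is 192.0.2.1/24
  Input queue: 75/75/0/0 (size/max/drops/flushes); Total output drops: 0
FastEthernet0/1 is up, line protocol is up
  Hardware is AmdFE, address is 0000.0c12.3457 (bia 0000.0c12.3457)
  Internet address is 198.51.100.1/24
  Input queue: 3/75/0/0 (size/max/drops/flushes); Total output drops: 0
Serial0/0 is administratively down, line protocol is down
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
"""

# Interface header lines start in column 0; detail lines are indented.
IFACE_RE = re.compile(r"^(\S+) is (.+?), line protocol is (\S+)")
QUEUE_RE = re.compile(r"Input queue: (\d+)/(\d+)/(\d+)/(\d+)")


def parse_input_queues(text):
    """Return {interface: (size, max, drops, flushes)} from show interfaces output."""
    result = {}
    current = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = QUEUE_RE.search(line)
        if m and current:
            result[current] = tuple(int(x) for x in m.groups())
    return result


def wedged_interfaces(queues, threshold=0.9):
    """Interfaces whose input queue is at or above `threshold` of its maximum.

    A queue sitting at size == max is the signature the advisory describes: the
    interface has stopped accepting new traffic. Polling this periodically and
    alerting on the condition is the detection side of the problem.
    """
    flagged = []
    for name, (size, maximum, _drops, _flushes) in queues.items():
        if maximum and size / maximum >= threshold:
            flagged.append((name, size, maximum))
    return flagged


if __name__ == "__main__":
    queues = parse_input_queues(SAMPLE_SHOW_INTERFACES)
    for name, size, maximum in wedged_interfaces(queues):
        print(f"{name}: input queue {size}/{maximum} - interface likely wedged")
```

In practice the text fed to `parse_input_queues` would come from a scheduled `show interfaces` collection rather than the embedded sample; a queue that stays full across several polls while the drop counter does not move is the pattern to alert on, since normal congestion drains or increments drops.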

The following devices are affected, if they are running a branch of IOS version 12.2S:

  • 7200, 7300 and 7500 routers
  • 2650, 2651, 2650XM and 2651XM Multiservice platforms
  • ONS15530 and ONS15540 optical platforms
  • Catalyst 4000 switches with Sup2plus, Sup3, Sup4 and Sup5 modules
  • Catalyst 4500 switches with Sup2Plus TS modules
  • Catalyst 4948, 2970, 3560, and 3750 switches
  • Catalyst 6000, Sup2/MSFC2 and Sup720/MSFC3 modules
  • 7600 routers with Sup2/MSFC2 and Sup720/MSFC3 modules
  • 1