Cisco Warns Routers And Switches Are Vulnerable To Denial Of Service Attacks
Cisco releases an advisory warning that certain devices running IOS Version 12.2S can be disabled by hackers.
November 11, 2004
Cisco has warned that some of its switches and routers are vulnerable to denial-of-service (DoS) attacks even when they are configured properly.
Cisco devices running IOS Version 12.2S with a Dynamic Host Configuration Protocol (DHCP) server or relay agent enabled can be knocked out by specially crafted DHCP packets. The exposure is not limited to devices actually configured for those roles: IOS processes DHCP packets by default, so a router or switch that is neither a DHCP server nor a DHCP relay may still be vulnerable, Cisco warned.
The vulnerability is caused by a flaw in the way the router and switch software handles DHCP packets. According to the Cisco advisory, malformed DHCP packets built to trigger the flaw "will remain in the queue instead of being dropped. If a number of packets are sent that equal the size of the input queue, no more traffic will be accepted on that interface." In other words, each bad packet permanently occupies a slot in the interface's input queue; once the queue is full, the interface stops passing traffic and the device no longer routes or switches through it.
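The failure mode described above is a resource leak turned into a denial of service: a packet that the handler cannot process is never released, so a bounded queue fills with garbage and legitimate traffic is refused. The model below is an added illustration written for this article, not Cisco's code and not a description of which malformation IOS mishandled (the advisory quoted here does not say). It assumes a per-interface input hold queue of 75 packets (the usual IOS default) and uses a minimal BOOTP/DHCP header check as the "handler"; the vulnerable variant leaves unparseable packets in the queue, the fixed variant discards them.

```python
import struct
from collections import deque

# Assumption: IOS's default per-interface input hold queue is 75 packets.
INPUT_HOLD_QUEUE = 75

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2131 magic cookie after the BOOTP header
BOOTP_FIXED_LEN = 236              # op..file fields of the fixed BOOTP header


def parse_dhcp(payload):
    """Minimal BOOTP/DHCP sanity check; raises ValueError on a malformed packet."""
    if len(payload) < BOOTP_FIXED_LEN + len(DHCP_MAGIC):
        raise ValueError("truncated BOOTP header")
    op, htype, hlen, hops = struct.unpack_from("!BBBB", payload, 0)
    if op not in (1, 2):                      # 1 = BOOTREQUEST, 2 = BOOTREPLY
        raise ValueError("bad op field")
    cookie = payload[BOOTP_FIXED_LEN:BOOTP_FIXED_LEN + len(DHCP_MAGIC)]
    if cookie != DHCP_MAGIC:
        raise ValueError("missing DHCP magic cookie")
    xid = struct.unpack_from("!I", payload, 4)[0]
    return {"op": op, "htype": htype, "hlen": hlen, "xid": xid}


def build_discover(xid, mac=b"\x00\x11\x22\x33\x44\x55"):
    """Constructed, well-formed DHCPDISCOVER for the demonstration."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0, xid, 0, 0x8000,            # op, htype, hlen, hops, xid, secs, flags
        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,   # ciaddr, yiaddr, siaddr, giaddr
        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)  # chaddr, sname, file
    return header + DHCP_MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, end


class Interface:
    """Toy model of an interface input hold queue fed to a DHCP handler."""

    def __init__(self, depth=INPUT_HOLD_QUEUE, leaky=True):
        self.queue = deque()
        self.depth = depth
        self.leaky = leaky          # True models the vulnerable behaviour
        self.processed = 0          # well-formed packets handled
        self.discarded = 0          # malformed packets freed (fixed code only)
        self.dropped = 0            # arrivals refused because the queue was full

    def receive(self, payload):
        if len(self.queue) >= self.depth:
            self.dropped += 1       # "no more traffic will be accepted on that interface"
            return False
        self.queue.append(payload)
        return True

    def service(self):
        """Run the DHCP handler once over every packet currently queued."""
        for _ in range(len(self.queue)):
            payload = self.queue[0]
            try:
                parse_dhcp(payload)
            except ValueError:
                if self.leaky:
                    # Vulnerable: the buffer is never released; it stays in the queue.
                    self.queue.rotate(-1)
                    continue
                self.queue.popleft()   # Fixed: malformed packet is dropped and its slot freed.
                self.discarded += 1
                continue
            self.queue.popleft()
            self.processed += 1


def flood(leaky):
    """Send a queue's worth of malformed packets, then one legitimate DISCOVER.

    Returns (good_packet_accepted, queue_len, processed, dropped)."""
    iface = Interface(leaky=leaky)
    bad = b"\x01\x01\x06\x00" + b"\x00" * 10      # constructed: far too short to be DHCP
    for _ in range(INPUT_HOLD_QUEUE):
        iface.receive(bad)
        iface.service()
    accepted = iface.receive(build_discover(xid=0x3903F326))
    iface.service()
    return accepted, len(iface.queue), iface.processed, iface.dropped


if __name__ == "__main__":
    print("vulnerable:", flood(leaky=True))    # good packet refused, queue wedged at 75
    print("fixed:     ", flood(leaky=False))   # good packet accepted and processed
```

The point of the model is the accounting, not the parser: the attacker needs only as many packets as the queue has slots, and nothing in the leaky variant ever frees a slot, so the interface stays wedged until it is reset.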
The following devices are affected, if they are running a branch of IOS version 12.2S:
7200, 7300 and 7500 routers
2650, 2651, 2650XM and 2651XM Multiservice platforms
ONS15530 and ONS15540 optical platforms
Catalyst 4000 switches with Sup2Plus, Sup3, Sup4 and Sup5 modules
Catalyst 4500 switches with Sup2Plus TS modules
Catalyst 4948, 2970, 3560, and 3750 switches
Catalyst 6000, Sup2/MSFC2 and Sup720/MSFC3 modules
7600 routers with Sup2/MSFC2 and Sup720/MSFC3 modules
Cisco devices that do not run IOS software are not affected by the vulnerability. Additionally, Cisco devices running IOS with "no service dhcp" configured are not affected; DHCP processing is on by default, so that line only appears in a configuration where it has been explicitly disabled.
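The two criteria in the preceding paragraph (an IOS 12.2S-family image, and the absence of "no service dhcp") can be checked from "show version" and "show running-config" output. The helper below is an added example for this article, not a Cisco tool. It assumes that any 12.2 image whose train letters begin with "S" (12.2S, 12.2SX, 12.2SE and so on) counts as a 12.2S branch, and that "service dhcp" is omitted from the running configuration when left at its enabled default; the device output it parses is constructed, not captured from real hardware.

```python
import re

# Constructed sample output, modelled on the usual IOS "show version" banner.
SHOW_VERSION_12_2S = (
    "Cisco Internetwork Operating System Software\n"
    "IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(18)S, RELEASE SOFTWARE (fc1)\n"
)
SHOW_VERSION_12_3 = (
    "Cisco Internetwork Operating System Software\n"
    "IOS (tm) C2600 Software (C2600-IS-M), Version 12.3(6), RELEASE SOFTWARE (fc1)\n"
)
SHOW_VERSION_CATOS = "WS-C6509 Software, Version NmpSW: 8.3(1)\n"   # constructed non-IOS banner

# Constructed running-config fragments.
CONFIG_DEFAULT = (
    "version 12.2\n"
    "service timestamps log datetime msec\n"
    "no service password-encryption\n"
    "hostname edge-7206\n"
)
CONFIG_MITIGATED = CONFIG_DEFAULT + "no service dhcp\n"

# "Version 12.2(18)S": major.minor(release)TRAIN, with the train letters optional.
VERSION_RE = re.compile(r"Version (\d+)\.(\d+)\(([^)]*)\)([A-Z]*)")


def parse_ios_version(show_version):
    """Return (major, minor, release, train) or None if no IOS version string is found."""
    m = VERSION_RE.search(show_version)
    if not m:
        return None
    major, minor, release, train = m.groups()
    return int(major), int(minor), release, train


def is_12_2s_train(version):
    """Assumption: a 12.2 image whose train identifier starts with 'S' is a 12.2S branch."""
    if version is None:
        return False
    major, minor, _release, train = version
    return (major, minor) == (12, 2) and train.startswith("S")


def dhcp_service_disabled(running_config):
    """True when 'no service dhcp' is present as a top-level configuration line."""
    return any(line.strip() == "no service dhcp" for line in running_config.splitlines())


def assess(show_version, running_config):
    """Classify a device against the advisory's stated criteria.

    Returns one of 'not_ios', 'other_train', 'mitigated', 'exposed'."""
    version = parse_ios_version(show_version)
    if version is None:
        return "not_ios"          # non-IOS software is not affected
    if not is_12_2s_train(version):
        return "other_train"      # outside the 12.2S family named by the advisory
    if dhcp_service_disabled(running_config):
        return "mitigated"        # 'no service dhcp' workaround in place
    return "exposed"              # 12.2S family, DHCP processing still enabled


if __name__ == "__main__":
    for name, sv, cfg in [
        ("7206 default config", SHOW_VERSION_12_2S, CONFIG_DEFAULT),
        ("7206 with workaround", SHOW_VERSION_12_2S, CONFIG_MITIGATED),
        ("2600 on 12.3", SHOW_VERSION_12_3, CONFIG_DEFAULT),
        ("6509 on CatOS", SHOW_VERSION_CATOS, ""),
    ]:
        print(f"{name}: {assess(sv, cfg)}")
```

The "other_train" result only says the device falls outside this advisory's scope; the hardware list above still applies to whichever 12.2S image such a platform might be upgraded to, and "exposed" is a prompt to apply the fixed software or the workaround, not proof that an attacker can reach the interface.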
Cisco has released fixed software and published workarounds. For details, see the Cisco Security Advisory: Cisco IOS DHCP Blocked Interface Denial-of-Service.