Apr 12, 2013

March 2013: seven Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published seven important vulnerability advisories:

  • Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability
  • Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability
  • Cisco IOS Software IP Service Level Agreement Vulnerability
  • Cisco IOS Software Smart Install Denial of Service Vulnerability
  • Cisco IOS Software Protocol Translation Vulnerability
  • Cisco IOS Software Network Address Translation Vulnerability
  • Cisco IOS Software Internet Key Exchange Vulnerability

Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability
Cisco IOS Software contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of services. Only devices that are configured for SIP inspection are affected by this vulnerability.

Vulnerable Products
Cisco devices that are running affected Cisco IOS Software versions are vulnerable when Session Initiation Protocol (SIP) application layer gateway (ALG) inspection is configured under the Zone-Based Policy Firewall (ZBFW).

Details
A vulnerability in the Session Initiation Protocol (SIP) inspection feature under the Zone-Based Policy Firewall (ZBFW) in Cisco IOS Software could allow an unauthenticated, remote attacker to cause a memory leak that would eventually lead to a device reload. This vulnerability is due to incorrect handling of malformed SIP packets. An attacker could exploit this vulnerability by sending malformed SIP messages through the device. An exploit could cause Cisco IOS Software not to release allocated memory, causing a memory leak. A sustained attack may result in a device reload.

SIP traffic can use UDP port 5060 and TCP ports 5060 and 5061. Network Address Translation (NAT) of SIP traffic is not affected by this issue.

Impact
Successful exploitation of the vulnerability could cause a memory leak on an affected device. Repeated exploitation could cause an affected device to reload, resulting in a denial of service (DoS) condition.

Link: http://tools.cisco.com/…/cisco-sa-20130327-cce

Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability
The Resource Reservation Protocol (RSVP) feature in Cisco IOS Software and Cisco IOS XE Software contains a vulnerability when used on a device that has Multiprotocol Label Switching with Traffic Engineering (MPLS-TE) enabled. Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a reload of the affected device. Repeated exploitation could result in a sustained denial of service (DoS) condition.

Vulnerable Products
Cisco devices that are running an affected version of Cisco IOS Software or Cisco IOS XE Software are vulnerable when configured with MPLS-TE enabled. A vulnerable configuration will contain the following global configuration command:

mpls traffic-eng tunnels

Only traffic directed to the device will trigger the vulnerability. Transit traffic will not trigger the vulnerability.

Details
The vulnerability is caused by improper handling of a legitimate, but uncommon, traffic engineering PATH message.

Impact
Successful exploitation of the vulnerability may cause an affected device to reload. Repeated exploitation may result in a sustained DoS condition.

Link: http://tools.cisco.com/…/cisco-sa-20130327-rsvp

Cisco IOS Software IP Service Level Agreement Vulnerability
The Cisco IOS Software implementation of the IP Service Level Agreement (IP SLA) feature contains a vulnerability in the validation of IP SLA packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Vulnerable Products
Cisco devices that are running Cisco IOS Software are vulnerable when they are configured for the IP SLA general responder feature.

Details
A vulnerability in the implementation of the IP Service Level Agreement general responder feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a reload of the vulnerable device. The vulnerability is due to improper validation of IP SLA packets only when they are received on UDP port 1167. An attacker could exploit this vulnerability by sending malformed IP SLA packets addressed to the affected device. An exploit could allow the attacker to cause an extended DoS condition.

Impact
Successful exploitation of the vulnerability may cause a vulnerable device to reload. Continued exploitation will result in a sustained DoS condition.

Link: http://tools.cisco.com/…/cisco-sa-20130327-ipsla

Cisco IOS Software Smart Install Denial of Service Vulnerability
The Smart Install client feature in Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Affected devices that are configured as Smart Install clients are vulnerable.

Vulnerable Products
Cisco devices that have affected Cisco IOS Software with the Smart Install client feature enabled are vulnerable.

Details
The Smart Install client feature in Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The Smart Install client feature uses TCP port 4786 for communication. An established TCP connection with a successful TCP three-way handshake is required to exploit this vulnerability. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to reload, resulting in a DoS condition.

Impact
Successful exploitation of the vulnerability could cause an affected device to reload. Repeated exploitation could result in a sustained DoS condition.

Link: http://tools.cisco.com/…/cisco-sa-20130327-smartinstall

Cisco IOS Software Protocol Translation Vulnerability
The Cisco IOS Software Protocol Translation (PT) feature contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Vulnerable Products
A device is vulnerable when one-step protocol translation is configured and uses the default incoming connection port number (Telnet, port 23). If the one-step protocol translation incoming connection port number is configured for any port other than the default, the device is not vulnerable.

Details
Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of TCP connection information when a vulnerable protocol translation configuration in the affected software is in use. An attacker could exploit this vulnerability by trying to connect to the affected protocol translation resource on the affected device. An exploit could allow the attacker to cause a reload of the affected device.

A TCP three-way handshake is not required to exploit this vulnerability. Transit traffic will not trigger this vulnerability.

Impact
Successful exploitation of the vulnerability may cause the affected device to reload. Continued exploitation will result in a sustained DoS condition.

Link: http://tools.cisco.com/…/cisco-sa-20130327-pt

Cisco IOS Software Network Address Translation Vulnerability
The Cisco IOS Software implementation of the virtual routing and forwarding (VRF) aware network address translation (NAT) feature contains a vulnerability when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Vulnerable Products
Cisco devices that are running Cisco IOS Software are vulnerable when they are configured for VRF-aware NAT.

Details
A vulnerability exists in the VRF-aware NAT implementation of Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a memory starvation condition. The vulnerability is due to improper handling of a race condition that leads to a reduction in the available memory in the affected device. An attacker could repeatedly exploit this vulnerability, leading to a DoS condition. This vulnerability can be exploited using IP version 4 (IPv4) packets. A TCP three-way handshake is not required to exploit this vulnerability.

Impact
Successful exploitation of the vulnerability may cause the available memory in the affected device to be reduced. Continued exploitation will result in a sustained denial of service condition, which could leave the device non-responsive and cause a reload. Sustained peak CPU utilization can be a symptom of this condition and could make the device non-operational.

Link: http://tools.cisco.com/…/cisco-sa-20130327-nat
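The SIP inspection advisory above, this NAT advisory and the IKE advisory that follows all describe the same symptom: free memory that keeps falling under sustained traffic until the device reloads, with peak CPU utilization named here as a second indicator. The script below is an added example for this post, not Cisco tooling, of turning periodic "show memory statistics" and "show processes cpu" snapshots into a leak alarm. The snapshots are constructed, the column order of the Processor row (Total, Used, Free, Lowest, Largest in bytes) is assumed from the usual IOS output, and the thresholds are illustrative.

```python
"""Detect the memory-leak and sustained-CPU symptoms described in the
March 2013 SIP-inspection, VRF-aware NAT and IKE advisories from periodic
'show memory statistics' / 'show processes cpu' snapshots.

Added example for the post, not Cisco tooling.  SAMPLES are constructed; the
Processor-row column layout (Total, Used, Free, Lowest, Largest, in bytes) is
assumed from typical IOS output and the thresholds are illustrative only.
"""
import re

# Constructed five-minute snapshots: (time, memory Processor row, cpu line).
SAMPLES = [
    ("10:00", "Processor   65A2F8D0   268435456    52428800   216006656   215900000   214000000",
              "CPU utilization for five seconds: 12%/3%; one minute: 10%; five minutes: 9%"),
    ("10:05", "Processor   65A2F8D0   268435456    82428800   186006656   185900000   184000000",
              "CPU utilization for five seconds: 35%/20%; one minute: 30%; five minutes: 22%"),
    ("10:10", "Processor   65A2F8D0   268435456   112428800   156006656   155900000   154000000",
              "CPU utilization for five seconds: 96%/71%; one minute: 94%; five minutes: 91%"),
    ("10:15", "Processor   65A2F8D0   268435456   142428800   126006656   125900000   124000000",
              "CPU utilization for five seconds: 98%/80%; one minute: 97%; five minutes: 95%"),
    ("10:20", "Processor   65A2F8D0   268435456   172428800    96006656    95900000    94000000",
              "CPU utilization for five seconds: 99%/85%; one minute: 98%; five minutes: 97%"),
]

MEM_ROW = re.compile(r"^Processor\s+\S+\s+(\d+)\s+(\d+)\s+(\d+)")   # Total Used Free
CPU_LINE = re.compile(r"five minutes: (\d+)%")


def parse_free_bytes(mem_row):
    """Free(b) column of the Processor memory-pool row."""
    m = MEM_ROW.match(mem_row)
    if not m:
        raise ValueError("unrecognised memory row: " + mem_row)
    return int(m.group(3))


def parse_cpu_5min(cpu_line):
    """Five-minute average from the first line of 'show processes cpu'."""
    m = CPU_LINE.search(cpu_line)
    if not m:
        raise ValueError("unrecognised cpu line: " + cpu_line)
    return int(m.group(1))


def memory_trend(free_series, drop_threshold=0.25):
    """Leak signal: free memory falls at every sample (no recovery, which a
    normal allocation burst would show) and the cumulative drop exceeds
    drop_threshold of the first reading.  Returns (suspected, drop_fraction)."""
    if len(free_series) < 3:
        return False, 0.0
    monotone = all(b < a for a, b in zip(free_series, free_series[1:]))
    drop = (free_series[0] - free_series[-1]) / free_series[0]
    return monotone and drop >= drop_threshold, drop


def sustained_cpu(cpu_series, threshold=90, min_consecutive=3):
    """True when the five-minute CPU average stays at or above threshold for
    min_consecutive consecutive samples."""
    run = best = 0
    for value in cpu_series:
        run = run + 1 if value >= threshold else 0
        best = max(best, run)
    return best >= min_consecutive


def assess(samples):
    """Combine both indicators into one report for the polled device."""
    free = [parse_free_bytes(mem) for _, mem, _ in samples]
    cpu = [parse_cpu_5min(line) for _, _, line in samples]
    leak, drop = memory_trend(free)
    return {
        "free_bytes": free,
        "drop_fraction": round(drop, 3),
        "memory_leak_suspected": leak,
        "cpu_5min": cpu,
        "sustained_high_cpu": sustained_cpu(cpu),
    }


if __name__ == "__main__":
    report = assess(SAMPLES)
    for key, value in report.items():
        print(f"{key:22} {value}")
```

A strictly monotone decline over a short window is a deliberately simple leak heuristic; on a busy device it is the combination of a steady fall in the Free column with no recovery and (for the NAT case) a five-minute CPU average pinned near 100% that distinguishes the condition in these advisories from an ordinary traffic burst. Polling the same counters through SNMP instead of CLI scraping changes only the two parse functions.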

Cisco IOS Software Internet Key Exchange Vulnerability
The Cisco IOS Software Internet Key Exchange (IKE) feature contains a denial of service (DoS) vulnerability.

Vulnerable Products
This vulnerability affects the 15.1GC, 15.1T, and 15.1XB Cisco IOS Software release trains. No other Cisco IOS Software release trains are affected. To determine whether a device is affected, check which Cisco IOS Software release it is running.

Details
Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a DoS condition.

Impact
Successful exploitation of the vulnerability may result in a memory leak that can lead to a DoS condition. Memory exhaustion can cause an affected Cisco IOS device to reload or become unresponsive; a power cycle might be required to recover from the condition.

Link: http://tools.cisco.com/…/cisco-sa-20130327-ike
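Each of the seven advisories above ties exposure to a configuration precondition (SIP inspection under ZBFW, global MPLS-TE, the IP SLA general responder, the Smart Install client, one-step protocol translation on port 23, VRF-aware NAT) or, for IKE, to a release train. The script below is an added example for this post, not Cisco's own tooling, that audits a running-config and a "show version" banner for those preconditions. The sample config and version string are constructed; apart from the "mpls traffic-eng tunnels" line quoted in the RSVP advisory, the command syntax it matches (class-map and policy-map type inspect, zone-pair, ip sla responder, no vstack, translate tcp, ip nat ... vrf) is assumed from standard IOS configuration and should be checked against the platform in use.

```python
"""Audit a Cisco IOS running-config and 'show version' banner for the
preconditions named in the seven March 2013 PSIRT advisories.

Added example for the post, not Cisco tooling.  SAMPLE_CONFIG and
SAMPLE_VERSION are constructed; apart from 'mpls traffic-eng tunnels' (quoted
in the RSVP advisory) the command syntax matched here is an assumption.
"""
import re

# Constructed running-config that deliberately meets every precondition.
SAMPLE_CONFIG = """\
mpls traffic-eng tunnels
ip sla responder
class-map type inspect match-any CM-VOICE
 match protocol sip
policy-map type inspect PM-IN-OUT
 class type inspect CM-VOICE
  inspect
 class class-default
  drop
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-OUT
translate tcp 192.0.2.10 lat HOST1
ip nat inside source list 1 interface GigabitEthernet0/0 vrf RED overload
"""
SAMPLE_VERSION = "Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4"
IKE_AFFECTED_TRAINS = {"15.1GC", "15.1T", "15.1XB"}   # release trains named in the IKE advisory


def top_level(config):
    """Global (unindented) configuration lines only."""
    return [ln.rstrip() for ln in config.splitlines() if ln and not ln.startswith(" ")]


def ios_train(version_line):
    """'Version 15.1(4)M4' -> '15.1M': letters after the maintenance number name the train."""
    m = re.search(r"Version (\d+\.\d+)\(\d+\)([A-Z]+)", version_line)
    return m.group(1) + m.group(2) if m else None


def sip_inspection_configured(config):
    """SIP advisory: a class-map matching SIP gets the 'inspect' action in a
    policy-map that is actually bound to a zone-pair (unbound policies are ignored)."""
    sip_classes, bound, inspects = set(), set(), {}   # inspects: policy -> inspected classes
    kind = name = cls = None
    for ln in config.splitlines():
        s = ln.strip()
        if not ln.startswith(" "):                     # top-level line starts a new block
            kind, name, cls = None, None, None
            m = re.match(r"(class-map|policy-map) type inspect (?:match-\w+ )?(\S+)", ln)
            if m:
                kind, name = m.group(1)[:-4], m.group(2)   # 'class' or 'policy'
                inspects.setdefault(name, set())
            elif ln.startswith("zone-pair security "):
                kind = "zp"
        elif kind == "class" and s == "match protocol sip":
            sip_classes.add(name)
        elif kind == "policy" and s.startswith("class "):
            m = re.match(r"class type inspect (\S+)", s)
            cls = m.group(1) if m else None            # 'class class-default' -> None
        elif kind == "policy" and s == "inspect" and cls:
            inspects[name].add(cls)
        elif kind == "zp" and s.startswith("service-policy type inspect "):
            bound.add(s.split()[-1])
    return any(inspects[p] & sip_classes for p in bound if p in inspects)


def mpls_te_enabled(config):
    """RSVP advisory: the global command (indented interface-level copies are ignored)."""
    return "mpls traffic-eng tunnels" in top_level(config)


def ip_sla_general_responder(config):
    return "ip sla responder" in top_level(config)


def smart_install_client_possible(config):
    """The Smart Install client is on by default on many Catalyst switches and
    leaves no config line, so only an explicit 'no vstack' rules it out;
    confirm the live state with 'show vstack config'."""
    return "no vstack" not in top_level(config)


def one_step_pt_on_default_port(config):
    """PT advisory: 'translate tcp <addr> ...' with no 'port' option, or port 23."""
    for ln in top_level(config):
        m = re.match(r"translate tcp \S+(?: port (\d+))?", ln)
        if m and (m.group(1) is None or int(m.group(1)) == 23):
            return True
    return False


def vrf_aware_nat(config):
    return any(re.match(r"ip nat (?:inside|outside) source .*\bvrf \S+", ln)
               for ln in top_level(config))


def audit(config, version_line):
    """Advisory identifier (from the links in the post) -> precondition present?"""
    return {
        "cisco-sa-20130327-cce": sip_inspection_configured(config),
        "cisco-sa-20130327-rsvp": mpls_te_enabled(config),
        "cisco-sa-20130327-ipsla": ip_sla_general_responder(config),
        "cisco-sa-20130327-smartinstall": smart_install_client_possible(config),
        "cisco-sa-20130327-pt": one_step_pt_on_default_port(config),
        "cisco-sa-20130327-nat": vrf_aware_nat(config),
        "cisco-sa-20130327-ike": ios_train(version_line) in IKE_AFFECTED_TRAINS,
    }


if __name__ == "__main__":
    for advisory, hit in audit(SAMPLE_CONFIG, SAMPLE_VERSION).items():
        print(f"{advisory:32} {'precondition present' if hit else 'not applicable'}")
```

The release-train match for IKE is deliberately coarse: a hit means "in an affected train", and the fixed-release tables in the advisory itself decide whether the exact maintenance release is fixed. The Smart Install check errs on the side of reporting, because an enabled client shows nothing in the configuration; the SIP check, by contrast, only reports when the SIP class is inspected by a policy that is bound to a zone-pair, since an unused policy-map does not enable inspection.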
