In the last 2 weeks, three new security advisory has been published by PSIRT: Cisco IOS XR Software Border Gateway Protocol Vulnerabilities, Cisco Unified Communications Manager Denial of Service Vulnerabilities and Firewall Services Module Crafted ICMP Message Vulnerability.
1) Cisco IOS XR Software Border Gateway Protocol Vulnerabilities
Cisco IOS XR Software contains multiple vulnerabilities in the Border Gateway Protocol (BGP) feature. These vulnerabilities include:
- Cisco IOS XR Software will reset a BGP peering session when receiving a specific invalid BGP update.
The vulnerability manifests when a BGP peer announces a prefix with a specific invalid attribute. On receipt of this prefix, the Cisco IOS XR device will restart the peering session by sending a notification. The peering session will flap until the sender stops sending the invalid/corrupt update. This vulnerability was disclosed in revision 1.0 of this advisory.
- Cisco IOS XR BGP process will crash when sending a long length BGP update message
When Cisco IOS XR sends a long length BGP update message, the BGP process may crash. The number of AS numbers required to exceed the total/maximum length of update message and cause the crash are well above normal limits seen within production environments.
- Cisco IOS XR BGP process will crash when constructing a BGP update with a large number of AS prepends
If the Cisco IOS XR BGP process is configured to prepend a very large number of Autonomous System (AS) Numbers to the AS path, the BGP process will crash. The number of AS numbers required to be prepended and cause the crash are well above normal limits seen within production environments.
To determine the Cisco IOS XR Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS XR Software by displaying text similar to “Cisco IOS XR Software”. The software version is displayed after the text “Cisco IOS XR Software”.
These vulnerabilities affect Cisco IOS XR devices running affected software versions and configured with the BGP routing feature.
Successful exploitation of these vulnerabilities may result in the continuous resetting of BGP peering sessions, or the continuous resetting of the BGP process itself. This may lead to routing inconsistencies and a denial of service for those affected networks.
2) Cisco Unified Communications Manager Denial of Service Vulnerabilities
Cisco Unified Communications Manager (formerly CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption to voice services. The Session Initiation Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are affected by these vulnerabilities. Cisco has released free software updates for select Cisco Unified Communications Manager versions that address these vulnerabilities. There are no workarounds for these vulnerabilities.
The following products are affected by vulnerabilities described in this advisory:
- Cisco Unified Communications Manager 4.x
- Cisco Unified Communications Manager 5.x
- Cisco Unified Communications Manager 6.x
- Cisco Unified Communications Manager 7.x
Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, VoIP gateways, and multimedia applications.
Successful exploitation of the vulnerabilities described in this advisory could result in the interruption of voice services. To restore voice services, affected Cisco Unified Communications Manager services may require a manual restart.
3) Firewall Services Module Crafted ICMP Message Vulnerability
A vulnerability exists in the Cisco Firewall Services Module (FWSM) for the Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, crafted ICMP messages. There are no known instances of intentional exploitation of this vulnerability. However, Cisco has observed data streams that appear to trigger this vulnerability unintentionally. Cisco has released free software updates that address this vulnerability.
All non-fixed 2.x, 3.x and 4.x versions of the FWSM software are affected by this vulnerability. To determine the version of the FWSM software that is running, issue the show module command-line interface (CLI) command from Cisco IOS Software or Cisco Catalyst Operating System Software to identify what modules and sub-modules are installed in the system.
A vulnerability exists in the Cisco FWSM Software that may cause the FWSM to stop forwarding traffic between interfaces, or stop processing traffic that is directed at the FWSM (management traffic) after multiple, crafted ICMP messages are processed by the FWSM. Any traffic that transits or is directed towards the FWSM is affected, regardless of whether ICMP inspection (inspect icmp command under Class configuration mode) is enabled.
Successful exploitation of the vulnerability may cause the FWSM to stop forwarding traffic between interfaces (transit traffic), and stop processing traffic directed at the FWSM (management traffic). If the FWSM is configured for failover operation, the active FWSM may not fail over to the standby FWSM.