Tuesday 14 April 2015

Cisco Issues Fixes For IOS/IOS XE Software



Cisco Systems has released seven security notes with a range of software fixes for network devices that run its IOS and IOS XE operating systems.

Dubbed an IOS Software Security Bundled Publication, it's the first time the company has released a bundle of notices for both pieces of software as part of its twice-a-year vulnerability notifications.
The advisories cover:
  • Autonomic Network Infrastructure (ANI)
  • Common Industrial Protocol (CIP)
  • Multicast Domain Name System (mDNS)
  • TCP
  • Virtual Routing and Forwarding (VRF)
  • Internet Key Exchange Version 2 (IKEv2)
  • Cisco IOS XE Software
The ANI function of IOS and IOS XE, available on the Cisco ASR 901, 901S and 903 Series Aggregation Services Routers and the Cisco ME 3600, 3600X and 3800X Series Ethernet Access Switches, has several vulnerabilities that could allow a remote authenticated attacker to cause a denial of service (DoS) or gain limited command and control of the device, says one report. A software fix is available.

A vulnerability in the IOS VRF subsystem could allow an unauthenticated, remote attacker to cause a denial of service, an advisory said. Only routers that have one or more physical interfaces assigned to a VRF are affected.

The IKE version 2 problem is due to the inability to properly process malicious ICMP version 4 (ICMPv4) messages received on a VRF-enabled interface. An attacker could exploit this vulnerability by sending ICMPv4 messages designed to trigger the vulnerability to an affected device. When the ICMPv4 messages are processed, the packet queue of the interface in question cannot be cleared, resulting in a queue wedge. When a wedge happens, the affected device will stop processing packets received on the interface. A software update has been released.

IKEv2 is automatically enabled on devices running IOS / IOS XE when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled. These vulnerabilities can only be triggered by sending malformed IKEv2 packets.

The IOS implementation of the Common Industrial Protocol (CIP) feature contains UDP and TCP DoS vulnerabilities, and a CIP TCP packet memory vulnerability that an attacker can exploit with crafted packets. A software update will fix it.

On another issue, Cisco [Nasdaq: CSCO] said that a vulnerability in the multicast DNS gateway function of any device running certain versions of IOS / IOS XE could allow an unauthenticated, remote attacker to reload the vulnerable device due to improper validation of mDNS packets. The solution is to upgrade to a current version of the operating systems.

The TCP vulnerability is due to improper handling of certain crafted packet sequences used in establishing a TCP three-way handshake. It could be exploited by sending a crafted sequence of TCP packets while establishing a three-way handshake. Successful exploitation could allow an attacker to cause a memory leak and a potential reload of the product.

Finally, IOS XE for the ASR 1000 Series Aggregation Services Routers (ASR), 4400 Series Integrated Services Routers (ISR) and Cloud Services Router (CSR) 1000V Series contains several problems that can lead to a denial of service.

Network administrators can use the Cisco IOS Software Checker to quickly determine whether their IOS software version has vulnerabilities. Note that the tool does not work for IOS XE.
