Feeds

Cisco visits top clients to warn of SNMP bugs

Door for possible DoS exploits

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

Cisco has publicly disclosed a number of potentially devastating security vulnerabilities affecting the operating system used by its routers and switches.

In the most serious case, flaws in the way Cisco's Internetwork Operating System (IOS) implements Simple Network Management Protocol (SNMP), a standard for the remote administration of network devices, could leave the door open to fresh types of denial of service attacks.

Multiple versions of IOS contain several independent, but related, vulnerabilities involving the unexpected creation and exposure of SNMP community strings, which define how operating variables can be viewed or modified on a networked device.

"Knowledge of read-write community strings allows remote configuration of affected devices without authorisation, possibly without the awareness of the administrators of the device and resulting in a failure of integrity and a possible failure of availability," Cisco discloses in a security notice, available here.

Roy Hills, testing development director at security testing firm NTA Monitor, said: "What Cisco has said indicates there's potential for denial of service attack, the question is how easy this would be. Any real damage possible with the vulnerability depends on the scope of access and whether an exploit became posted."

According to Hills, the vulnerability is a "major issue" because so many devices will need to be modified, a particular headache for service providers.

The vulnerability affects almost all Cisco routers and switches, but not its voice gateways, optical switches or firewalls.

Cisco is taking the issue very seriously and took the highly unusual step of visiting its most important customers to discuss the issue beforehand, including one Register reader who told us he received a short-notice visit from three senior Cisco techies last week.

To fix the bugs, Cisco is offering free software upgrades for various versions of its operating system, all of which are affected by the problem. Pending the availability of some of these fixes, Cisco has suggested a workaround involving blocking SNMP access.

Separately, Cisco has warned that IOS contains a flaw which permits the successful prediction of TCP Initial Sequence Numbers; this makes it easier to forge messages that could allow crackers to break into systems.

However, exploitation of the vulnerability is only possible for TCP sessions which originate or terminate on the affected Cisco device itself, not on traffic flowing through it. More information on this bug is available here. ®

Related stories:
Cisco routers vulnerable to easy attack
Cisco 600 routers offer cracker fun

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Wanna keep your data for 1,000 YEARS? No? Hard luck, HDS wants you to anyway
Combine Blu-ray and M-DISC and you get this monster
US boffins demo 'twisted radio' mux
OAM takes wireless signals to 32 Gbps
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
Apple flops out 2FA for iCloud in bid to stop future nude selfie leaks
Millions of 4chan users howl with laughter as Cupertino slams stable door
Students playing with impressive racks? Yes, it's cluster comp time
The most comprehensive coverage the world has ever seen. Ever
Run little spreadsheet, run! IBM's Watson is coming to gobble you up
Big Blue's big super's big appetite for big data in big clouds for big analytics
Seagate's triple-headed Cerberus could SAVE the DISK WORLD
... and possibly bring us even more HAMR time. Yay!
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.