DoS risks against Cisco storage routers routed
Get your fix now!
Cisco is advising users to upgrade software on its line of storage routers after the discovery of multiple security vulnerabilities involving the technology.
Three vulnerabilities have been discovered in Cisco SN 5420 Storage Router software releases up to and including 1.1(5).
Two of the vulnerabilities (involving sending a HTTP request with a huge header or sending a fragmented packet over the Gigabit interface) can crash storage routers, and might be used in Denial-of-Service attack, Cisco advises. The third flaw allows an access to the SN 5420 configuration if it has been previously saved on the router.
Crackers are yet to exploit the software flaws, Cisco reports.
All three vulnerabilities are fixed in release 1.1(7) of software for the SN 5420 Storage Router, which Cisco has made available through partners and its Web site. Cisco is offering free software upgrades to eliminate this vulnerability to all affected customers.
Last week, analysts Yankee Group advised that storage security would become an "imperative" this year as the adoption of Internet technologies undermines the comforting notion that storage networks are safe from hacker attacks. ®