Educause Security Discussion mailing list archives
DHS --> Cisco
From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Fri, 18 Jul 2003 09:37:20 -0500
From DHS below, re the Cisco IOS problem.
M.

--
Mark S. Bruhn, CISSP
Chief IT Security and Policy Officer
Interim Director, Research and Educational Networking Information Sharing and Analysis Center (ren-isac () iu edu)
Office of the Vice President for Information Technology and CIO
Indiana University
812-855-0326
Incidents involving IU IT resources: it-incident () iu edu
Complaints/kudos about OVPIT/UITS services: itombuds () iu edu

SYSTEMS AFFECTED:

Routers and switches running Cisco IOS software.

OVERVIEW

The Department of Homeland Security (DHS) / Information Analysis and Infrastructure Protection (IAIP) National Cyber Security Division (NCSD) is issuing this advisory to heighten awareness of a remotely exploitable vulnerability in Cisco IOS 10.3 or later. DHS is working closely with the information technology industry to improve vulnerability awareness and information dissemination.

DHS received confirmation that this vulnerability was exploited in a laboratory environment. Industry representatives have also verified that an exploit for this vulnerability exists in the wild. The probability of continued exploitation is high.

IMPACT

The recently announced vulnerability in devices running Cisco IOS 10.3 or later may be exploited to cause a denial of service state. Because routers and switches are an essential part of all network infrastructures, and because Cisco devices comprise a significant portion of those infrastructures, widespread exploitation of vulnerable Cisco devices could disrupt portions of the Internet. Rebooting the devices will restore availability. However, the devices are vulnerable to repeat exploits until corrections have been applied.

DETAILS

This vulnerability can be exploited by sending a string of specifically crafted IPv4 packets. The device may stop processing packets destined to the router, including routing protocol packets and ARP packets. No alarms will be triggered nor will the router reload to correct itself.

This issue can affect all Cisco devices running Cisco IOS software. This vulnerability may be exercised repeatedly resulting in loss of availability until a workaround has been applied or the device has been upgraded to a fixed version of code.

RECOMMENDATION

Due to the seriousness of the Cisco IOS vulnerability and the availability of exploit code, DHS encourages administrators to take this opportunity to review the security of their Cisco systems implementation as soon as possible. DHS strongly recommends that system administrators who have not taken corrective action on Cisco devices do so now. Cisco IOS upgrades, workarounds, and additional information are available from Cisco at: (<http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml> <http://www.cisco.com>).

Advisories recommend the immediate implementation of protective actions, including best practices when available. DHS encourages recipients of this advisory to report information concerning suspicious or criminal activity to law enforcement or a DHS watch office.

The DHS Information Analysis and Infrastructure Protection watch offices may be contacted at:

For private citizens and companies - Phone: (202) 323-3205, 1-888-585-9078, Email: nipc.watch () fbi gov <mailto:nipc.watch () fbi gov>; Online: <http://www.nipc.gov/incident/cirr.htm>

For telecommunications industry - Phone: (703) 607-4950 Email: ncs () dhs gov <mailto:ncs () ncs gov>

For Federal agencies/departments - Phone: (888) 282-0870 Email: fedcirc () fedcirc gov <mailto:fedcirc-info () fedcirc gov> Online: <https://incidentreport.fedcirc.gov>

DHS intends to update this alert should it receive additional relevant information, including information provided to it by the user community. Based on this notification, no change to the Homeland Security Advisory System (HSAS) is anticipated; the current HSAS level is YELLOW.

********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.