Cisco TCP Denial of Service Vulnerability in Multiple Cisco Products
GSA Reference Number: AD090909-01
Simply Put: Cisco has announced a new vulnerability in multiple Cisco products, including Cisco ASA and PIX appliances and routers. The vulnerability is a resource exhaustion issue affecting TCP connections that results in a denial of service. Some devices may need to be rebooted to fully recover. This vulnerability is considered Critical by Gladiator. We will be reviewing all CoreDEFENSE-monitored Cisco ASA and PIX devices for susceptibility.
Attack Details:
This attack requires a successfully established TCP connection to a Cisco device. If there are no listening services on the device, this attack will not work. The attacker manipulates the TCP connection state to force the connection to remain open for a long period of time, possibly indefinitely. If enough connections are held open in this manner, the device runs out of resources to handle legitimate requests. The Cisco advisory has details on all affected systems (see link below).
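As an added illustration that is not part of the advisory or of Gladiator's tooling, the following Python check models the symptom described above: it counts long-lived connections per peer in a constructed connection-table snapshot and flags peers holding an unusually large number of them. The table layout, addresses, ports, capacity and thresholds are all assumptions for the example.

```python
from collections import defaultdict

# Constructed snapshot of a device's TCP connection table (not real Cisco output).
# Each entry: (local_port, peer_ip, state, age_seconds)
SAMPLE_TABLE = [
    (22, "0.0.0.0", "LISTEN", 86400),       # listener, not a connection
    (443, "0.0.0.0", "LISTEN", 86400),
    (22, "192.0.2.10", "ESTAB", 40),        # fresh admin session
    (22, "192.0.2.10", "ESTAB", 5400),      # one long-lived but legitimate session
    (443, "192.0.2.33", "ESTAB", 12),
    (443, "192.0.2.33", "TIMEWAIT", 30),
] + [
    # eight connections from one peer, each held open for over two hours
    (443, "198.51.100.7", "ESTAB", 7200 + i * 10) for i in range(8)
]

def listening_ports(table):
    """Services accepting connections; the advisory notes that with none, the attack cannot work."""
    return sorted({port for port, _peer, state, _age in table if state == "LISTEN"})

def stale_connections_by_peer(table, min_age=3600):
    """Count, per peer, connections (any non-LISTEN state) older than min_age seconds."""
    counts = defaultdict(int)
    for _port, peer, state, age in table:
        if state != "LISTEN" and age >= min_age:
            counts[peer] += 1
    return dict(counts)

def suspicious_peers(table, min_age=3600, max_stale=5):
    """Peers holding more than max_stale long-lived connections at once."""
    stale = stale_connections_by_peer(table, min_age)
    return sorted(peer for peer, n in stale.items() if n > max_stale)

def capacity_pressure(table, capacity, min_age=3600):
    """Fraction of the assumed connection capacity consumed by stale connections."""
    stale_total = sum(stale_connections_by_peer(table, min_age).values())
    return stale_total / capacity

if __name__ == "__main__":
    print("listening:", listening_ports(SAMPLE_TABLE))
    print("stale per peer:", stale_connections_by_peer(SAMPLE_TABLE))
    print("suspicious:", suspicious_peers(SAMPLE_TABLE))
    print("pressure: %.3f" % capacity_pressure(SAMPLE_TABLE, capacity=64))
```

Run against a real snapshot, the thresholds should be tuned to the device's normal session lifetimes so that legitimate long sessions (like the admin session above) are not flagged.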
Countermeasures: Cisco has released an IOS patch for this vulnerability for affected devices. Do not attempt to apply this update without assistance from your network support vendor, if applicable. Gladiator CoreDEFENSE customers with devices affected by this vulnerability will be contacted and patched to Cisco’s Recommended Release Versions. Gladiator will begin contacting customers immediately to schedule this update.
Reference Links:
- Cisco Security Advisory (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml)
- SANS ISC Diary Entry (http://isc.sans.org/diary.html?storyid=7102)