Exploit found for Cisco vulnerability: Upgrade routers now

Security officials are urging systems administrators to upgrade all network equipment running the Cisco Internetwork Operating System to protect against malicious code exploiting a recently reported vulnerability in the software.

The Homeland Security Department was notified this morning that the exploit has been discovered, triggering an alert from the CERT Coordination Center at Carnegie Mellon University.

Click here for instructions for downloading and installing an upgraded version of IOS or for using filters to block the code.

'What we're seeing currently is that the exploit is starting to show up on some networks,' said Al Huger, senior director of engineering and security response at Symantec Corp. of Cupertino, Calif.

The exploit follows fast on the heels of the announcement of the vulnerability, highlighting the small window of opportunity for protecting affected systems. So far only one public exploit has been seen, 'which is more than enough, because it works,' Huger said.

Cisco Systems Inc. of San Jose, Calif., announced Thursday that a flaw in almost all IOS software could cause devices handling IPv4 traffic to stop processing packets. The devices could be fooled by a specific sequence of abnormal packets into thinking that the input queue for a network interface is full, shutting down routing and address resolution protocols.

'No alarms will be triggered, nor will the router reload to correct itself,' Cisco said in its alert.

'Right now, the world isn't ending,' Huger said. But because Cisco hardware running the affected IOS is so widely deployed, the threat is considered serious.

The job of updating millions of pieces of hardware is complicated by the fact that the equipment runs at the heart of the Internet and other networks.

'Most network administrators aren't thrilled about upgrading things like IOS because it is infrastructure,' Huger said.

But at least some large networks have begun the task. Cisco gave top-tier backbone providers three days' advance notice of the vulnerability before it was publicly announced. Huger said one major backbone's staff, after two days and two sleepless nights of work, had upgraded only half of its equipment before the vulnerability became public Wednesday evening.

About the Author

William Jackson is a Maryland-based freelance writer.
