Cisco IOS Denial of Service
| Attack ID: | CPAI-2003-26 |
| Publish Date: | |
| Last Update: | |
| Category: | Denial Of Service attack |
| Vulnerable Systems: | Cisco Systems IOS versions: 11.1, 11.0, 11.1AA, 11.1CA, 11.1CC, 11.1CT, 11.1IA, 11.1R, 11.2, 11.2BC, 11.2F, 11.2P, 11.2XA, 11.3, 11.3AA, 11.3DB, 11.3HA, 11.3NA, 11.3T, 11.3XA, 12.0, 12.0(19), 12.0S, 12.0(5)S, 12.0SC, 12.0SP, 12.0ST, 12.0(16)ST, 12.0T, 12.0XA, 12.0XB, 12.0XC, 12.0XD, 12.0XE, 12.0XG, 12.0XI, 12.0XK, 12.0XM, 12.0XQ, 12.0XR, 12.0XV, 12.1, 12.1(5a)E, 12.1(1)EX, 12.1(5c)EX, 12.1(8a)EX, 12.1(9)EX, 12.1CX, 12.1E, 12.1EC, 12.1T, 12.1(1)T, 12.1XB, 12.1XC, 12.1XF, 12.1XG, 12.1XH, 12.1XI, 12.1XJ, 12.1XK, 12.1XL, 12.1XM, 12.1XP, 12.1XQ, 12.1XT, 12.1XU, 12.1YB, 12.1YC, 12.1YD, 12.1YE, 12.1YF, 12.1YI, 12.2, 12.2(1), 12.2(1)T, 12.2(1)S, 12.2.10a, 12.2B, 12.2BC, 12.2DA, 12.2DD, 12.2S, 12.2T, 12.2XA, 12.2XB, 12.2XD, 12.2XE, 12.2XF, 12.2XG, 12.2XH, 12.2XI, 12.2XJ, 12.2XK, 12.2XL, 12.2XM, 12.2XN, 12.2XQ, 12.2XR, 12.2XS, 12.2XT, 12.2XW, 12.2YA, 12.2YB, 12.2YC, 12.2YD, 12.2YF, 12.2YG, 12.2YH, 12.1EZ, 12.1YA, 12.1XV, 12.1XA, 12.1XD, 12.1XE, 12.1XR, 12.1XS, 12.1EY, 12.1DB, 12.1DC, 12.1OS, 12.0DA, 12.0SL, 12.0W5, 12.0XH, 12.0XJ, 12.1AA, 12.1DA, 12.0SX, 12.1EX, 12.1EA, 12.0SY, 12.0SZ, 12.0WC, 12.0WT, 12.1AX, 12.1AY, 12.1EB, 12.1EV, 12.1EW, 12.1YJ, 12.1YH, 12.2BW, 12.2BX, 12.2BZ, 12.2CX, 12.2CY, 12.2DX, 12.2JA, 12.2MB, 12.2MC, 12.2MX, 12.2SX, 12.2SY, 12.2SZ, 12.2XU, 12.2YJ, 12.2YT, 12.2YN, 12.2YO, 12.2XC, 12.2YP, 12.2YK, 12.2YL, 12.2YM, 12.2YU, 12.2YV, 12.2YQ, 12.2YR, 12.2YS, 12.2YW, 12.2YX, 12.2YY, 12.2YZ, 12.2ZA, 12.2ZB, 12.2ZC, 12.2ZD, 12.2ZE, 12.2ZF, 12.2ZG, 12.2ZH, 12.2ZJ, 12.2ZL |
| Source: | CERT CA-2003-15, CERT CA-2003-17, CVE CAN-2003-0567, Cisco Alert |
| Description: | By sending specially crafted IPv4 packets to an interface on a vulnerable Cisco device, an attacker can cause this device to stop processing packets. |
| Severity: | |
| According to Cisco's advisory, this issue affects all Cisco devices running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets. | |
| Details: | Cisco routers are configured to process and accept Internet Protocol version 4 (IPv4) packets by default. A specially crafted sequence of IPv4 packets with protocol type 53 (SWIPE), 55 (IP Mobility), 77 (Sun ND), or 103 (Protocol Independent Multicast - PIM) which is handled by the processor on a Cisco IOS device can cause the router to stop processing inbound traffic on that interface. According to information from SANS, an exploit has been found in the wild for this vulnerability. |
| Attack Detection: | Users of VPN-1 NG with Application Intelligence FP-3 and later versions will see the following SmartView Tracker log entry: Attack Name: Cisco IOS Enforcement Violation |
| Solution: | Users of NG with Application Intelligence who have a SmartDefense Update subscription can perform an update to get INSPECT protection against this vulnerability. This update automatically creates 4 services (IP_Mobility, PIM, SUN_ND, SWIPE) of type "Other", all carrying INSPECT code that protects against this attack. If those services are needed in the rulebase, use the newly created services. Note: The code protects Cisco devices that are up to 3 hops from the FireWall. |
| Industry Reference: | |
| Additional Information: | |
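
The protocol numbers listed under Details can also be looked for in captured traffic addressed to a router. The Python below is an added example, not part of the advisory or of Check Point's INSPECT code; the function names, the set of protected addresses and the sample headers (built with RFC 5737 documentation addresses) are constructed for illustration.

```python
import struct

# IP protocol numbers named in the advisory's Details field.
FLAGGED_PROTOCOLS = {53: "SWIPE", 55: "IP Mobility", 77: "Sun ND", 103: "PIM"}
IPV4_HEADER = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header layout


def classify_ipv4(packet: bytes):
    """Return the flagged protocol name, or None for any other protocol.

    Raises ValueError if the bytes are not a well-formed IPv4 header.
    """
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, _, _ = struct.unpack(
        IPV4_HEADER, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or ihl > len(packet) or total_len < ihl:
        raise ValueError("inconsistent header length")
    return FLAGGED_PROTOCOLS.get(proto)


def scan(packets, protected):
    """Count flagged packets per (destination, protocol) for protected devices."""
    hits, malformed = {}, 0
    for pkt in packets:
        try:
            name = classify_ipv4(pkt)
        except ValueError:
            malformed += 1
            continue
        dst = ".".join(str(b) for b in pkt[16:20])
        if name and dst in protected:
            hits[(dst, name)] = hits.get((dst, name), 0) + 1
    return hits, malformed


def sample_header(proto, dst, src="198.51.100.7"):
    """Build a constructed 20-byte IPv4 header (checksum left at 0) as test data."""
    to_b = lambda ip: bytes(int(o) for o in ip.split("."))
    return struct.pack(IPV4_HEADER, 0x45, 0, 20, 0, 0, 64, proto, 0,
                       to_b(src), to_b(dst))


# Constructed capture: TCP, three flagged packets to the router, one flagged
# packet to an unprotected host, an IPv6-versioned header and a truncated one.
SAMPLES = [sample_header(6, "192.0.2.1"), sample_header(103, "192.0.2.1"),
           sample_header(53, "192.0.2.1"), sample_header(103, "192.0.2.1"),
           sample_header(77, "203.0.113.9"), b"\x60" + b"\x00" * 19, b"\x45\x00"]
```

PIM (103) is legitimate on multicast-enabled networks, so a hit is a prompt to check whether that protocol is expected on the interface rather than proof of an attack.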