Attackers could exploit flaws in Cisco System's Internetwork Operating System (IOS) and intrusion defense products to gain privileged access to vulnerable devices, bypass security restrictions or cause a denial of service. But fixes are available.
The San Jose, Calif.-based networking giant released two advisories this week, one addressing a flaw in IOS. Specifically, the flaw affects IOS software running on the Cisco IAD2400 series, 1900 Series Mobile Wireless Edge Routers and Cisco VG224 Analog Phone Gateways.
In its advisory on the flaw, the French Security Incident Response Team (FrSIRT) said the problem is a design error where "a default hard-coded Simple Network Management Protocol (SNMP) community string intended for Data Over Cable Service Interface Specification (DOCSIS) compliant interfaces is enabled on devices configured for SNMP management." Attackers could exploit the flaw to gain privileged access to a vulnerable device.
Cisco's advisory outlines how customers can switch to a fixed version of the software.
Meanwhile, two vulnerabilities have surfaced in Cisco's Intrusion Detection (IDS) and Intrusion Prevention (IPS) Systems, which an attacker could exploit to cause a denial of service or bypass security restrictions.
The first problem is an error in the Web administration interface that doesn't properly handle malformed SSLv2 Client Hello packets. Attackers could exploit this to cause a vulnerable device to become unresponsive to all future remote management requests through the Web administration interface or the command-line interface (CLI) via SSH and the console.
The second problem is an error that appears when fragmented IP packets are processed. Attackers could exploit this to evade traffic inspection and circumvent the protections provided by a vulnerable device.
Cisco recommends customers upgrade to IDS version 4.1(5c) and IPS version 5.0(6p2) or 5.1(3) to fix the flaw.