
Friday, August 13, 2010

TCP Denial of Service Vulnerability of Cisco IOS 15.1(2)T

If your Cisco router (or switch) is running IOS version 15.1(2)T and is publicly exposed on the Internet, you might have to schedule an emergency IOS update this weekend.

Only IOS version 15.1(2)T is affected.

A Denial of Service (DoS) attack that makes use of this vulnerability must be targeted at the router's own IP addresses. Although not described in this Advisory, I believe the router being attacked would become unresponsive during remote management or unexpectedly reload itself from time to time. Your network would become unavailable while the router reloads.

There are workarounds that avoid an IOS update, such as Control Plane Policing (CoPP). However, updating the IOS image with one reload would be much simpler and cleaner.

At this moment, the updated IOS version with fixes is "15.1(2)T0a".

For more information about workarounds or how to determine whether your systems have this vulnerability or not, please refer to the original Advisory on Cisco.com:
Cisco Security Advisory: Cisco IOS Software TCP Denial of Service Vulnerability
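
A version check across a device inventory, as an added example that is not part of the original post or the Cisco advisory: it parses the `show version` banner and flags only an exact match for 15.1(2)T, because the fixed 15.1(2)T0a shares that prefix and a plain substring search would flag it too. The hostnames and `show version` excerpts are constructed for illustration.

```python
import re

AFFECTED = "15.1(2)T"   # the only affected release, per the post
FIXED = "15.1(2)T0a"    # the fixed release named in the post

# Captures the version token from the "Cisco IOS Software, ..., Version X, ..." banner.
VERSION_RE = re.compile(r"^Cisco IOS Software.*?\bVersion\s+([^,\s]+)", re.MULTILINE)


def ios_version(show_version_text):
    """Return the IOS version string from `show version` output, or None."""
    match = VERSION_RE.search(show_version_text)
    return match.group(1) if match else None


def classify(show_version_text):
    """Classify one device as 'affected', 'not affected' or 'unknown'."""
    version = ios_version(show_version_text)
    if version is None:
        return "unknown"        # no banner: collection failed, check by hand
    # Exact comparison: "15.1(2)T0a" starts with "15.1(2)T" but is the fix.
    return "affected" if version == AFFECTED else "not affected"


def audit(inventory):
    """Map each hostname to its classification."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample data (hostnames and output are illustrative only).
SAMPLE_INVENTORY = {
    "edge-rtr-1": "Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), "
                  "Version 15.1(2)T, RELEASE SOFTWARE (fc1)\nuptime is 3 weeks",
    "edge-rtr-2": "Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), "
                  "Version 15.1(2)T0a, RELEASE SOFTWARE (fc1)\nuptime is 1 day",
    "core-sw-1": "Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), "
                 "Version 12.2(55)SE, RELEASE SOFTWARE (fc2)",
    "branch-rtr-9": "% Connection timed out; remote host not responding",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:14} {status}")
```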

