Exploit Of Cisco Flaw Released, But No Outages Reported - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

CIO Insights & Innovation
Security & Risk Strategy
Team Building & Staffing
IT Strategy
Digital Business
Project Management
Programming Languages
Dr. Dobb's
Enterprise Applications
Operating Systems
Productivity/Collaboration Apps
Network Security
Careers & People
Threat Intelligence
IoT
Attacks & Breaches
Application Security
Cloud Security
Endpoint Security
Mobile Security
Perimeter Security
Risk Management
Operations Security
Analytics
Vulnerabilities & Threats
Security & Risk Strategy
Infrastructure as a Service
Platform as a Service
Software as a Service
Cloud Storage
Data Centers
Mobile Applications
Mobile Devices
Mobile Business
Enterprise Mobility Management
AI/Machine Learning
Big Data Analytics
Hardware/Architectures
Software Platforms
IoT
Networking
Wireless Infrastructure
Data Centers
Cloud Infrastructure
Careers and Certifications
Network Security
Government
Healthcare
Wall Street & Technology
Bank Systems & Technology
Insurance & Technology
Industries
Government
Healthcare
Wall Street & Technology
Bank Systems & Technology
Insurance & Technology
IT Life
Careers
Mobile
Mobile Applications
Mobile Devices
Mobile Business
Enterprise Mobility Management
Software
Enterprise Applications
Operating Systems
Productivity/Collaboration Apps
Infrastructure

Exploit Of Cisco Flaw Released, But No Outages Reported

Researchers say hackers have figured out how to use a software flaw in Cisco's networking gear to cripple the equipment, but there were no immediate reports of outages.

SAN JOSE, Calif. (AP) -- A day after Cisco Systems Inc. warned of a serious software flaw in networking gear that routes Internet traffic, researchers said hackers had figured how to cripple the equipment.

There were no immediate reports of outages, but that was expected to change, the Computer Emergency Response Team, a taxpayer-funded group at Carnegie Mellon University, said Friday in an advisory.

Internet security companies boosted their threat assessment levels.

"This exploit allows an attacker to interrupt the normal operation of a vulnerable device," the CERT advisory said. "We believe it is likely that intruders will begin using this or other exploits to cause service outages."

On Thursday, operators of Internet backbone and other companies scrambled to patch the flaw, which could cause widespread outages because Cisco routers and switches are so prevalent on the Internet.

Cisco did not immediately comment on the exploit. The San Jose-based network gear maker released a workaround as well as a free patch to fix the flaw in its widely used Internetworking Operating System.

Internet providers, meanwhile, quickly scheduled maintenance downtime to install the patch.

According to Cisco's alert, the vulnerability is exploited by sending a "rare sequence" of data packets to a device running IOS, the equivalent of Windows for routers and switches. It causes the device to stop processing traffic once its incoming queue is full.

The attack, which spokesman Jim Brady said Cisco discovered through internal testing, does not trigger any alarms and can be repeated until the device is inaccessible.

"This type of attack can be launched at a specific target, or launched indiscriminately to cause widespread outages," according to an alert issued by Internet Security Systems.

An unusually high number of emergency maintenance outages have been scheduled by Internet carriers and providers since Tuesday, said Dan Ingevaldson, engineering manager for ISS's X-Force research development group.

Large Internet traffic carriers, such as AT&T, MCI, and Sprint, have taken measures. Dave Johnson, a spokesman for AT&T, said the company was alerted by Cisco on Tuesday night.

Network administrators who manage Cisco equipment are more likely to pay attention to security warnings than home computer users. Still, applying a patch to a router is not a trivial operation, Ingevaldson said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Webcasts
More Webcasts
White Papers
More White Papers
Reports
More Reports
Editors' Choice
Slideshows
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
News
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Commentary
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Download Now!
Video
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Download This Issue!
Slideshows
Flash Poll