Exploit Of Cisco Flaw Released, But No Outages Reported - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Exploit Of Cisco Flaw Released, But No Outages Reported

Researchers say hackers have figured out how to use a software flaw in Cisco's networking gear to cripple the equipment, but there were no immediate reports of outages.

SAN JOSE, Calif. (AP) -- A day after Cisco Systems Inc. warned of a serious software flaw in networking gear that routes Internet traffic, researchers said hackers had figured how to cripple the equipment.

There were no immediate reports of outages, but that was expected to change, the Computer Emergency Response Team, a taxpayer-funded group at Carnegie Mellon University, said Friday in an advisory.

Internet security companies boosted their threat assessment levels.

"This exploit allows an attacker to interrupt the normal operation of a vulnerable device," the CERT advisory said. "We believe it is likely that intruders will begin using this or other exploits to cause service outages."

On Thursday, operators of Internet backbone and other companies scrambled to patch the flaw, which could cause widespread outages because Cisco routers and switches are so prevalent on the Internet.

Cisco did not immediately comment on the exploit. The San Jose-based network gear maker released a workaround as well as a free patch to fix the flaw in its widely used Internetworking Operating System.

Internet providers, meanwhile, quickly scheduled maintenance downtime to install the patch.

According to Cisco's alert, the vulnerability is exploited by sending a "rare sequence" of data packets to a device running IOS, the equivalent of Windows for routers and switches. It causes the device to stop processing traffic once its incoming queue is full.

The attack, which spokesman Jim Brady said Cisco discovered through internal testing, does not trigger any alarms and can be repeated until the device is inaccessible.

"This type of attack can be launched at a specific target, or launched indiscriminately to cause widespread outages," according to an alert issued by Internet Security Systems.

An unusually high number of emergency maintenance outages have been scheduled by Internet carriers and providers since Tuesday, said Dan Ingevaldson, engineering manager for ISS's X-Force research development group.

Large Internet traffic carriers, such as AT&T, MCI, and Sprint, have taken measures. Dave Johnson, a spokesman for AT&T, said the company was alerted by Cisco on Tuesday night.

Network administrators who manage Cisco equipment are more likely to pay attention to security warnings than home computer users. Still, applying a patch to a router is not a trivial operation, Ingevaldson said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll