Flaw may leave Cisco gear vulnerable

A hardware vulnerability may cause some high-end Cisco Systems Inc. switches and routers with specific configurations to crash, but only under very specific circumstances.

According to Cisco, Catalyst 6000 and 6500 switches and Cisco 7600 routers could freeze or reset if the device encounters a Layer 3 packet that is inconsistent in size with the Layer 2 frame encapsulating it.

To be affected, routers and switches must have a Multilayer Switch Feature Card 2 (MSFC2) with a FlexWAN or Optical Services Module (OSM). Equipment with a MSFC2 card running Cisco IOS Version 12.1(8b)E14, even without FlexWAN or OSM, are also vulnerable. Cisco CatOS software is not affected.

Cisco says that a Layer 2 frame crafted to have an inconsistent size with an encapsulated Layer 3 packet, and sent repeatedly to a vulnerable device, could bring down the switch or router. For this to happen, the packet must be routed in software — hardware-routed packets would not affect the device, Cisco says.

The vulnerability can only be corrected with a software upgrade.

According to Cisco, only attack traffic sent from a node on an internal LAN could affect vulnerable switches or routers, since the specially-crafted packets would be corrected by non-vulnerable Layer 3 network devices before hitting a vulnerable switch or router.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now