FYI:
Cisco Routers Vulnerable to Scanners
Monday, June 26, 2000 - Cisco Systems is reminding customers
that
its hardware may crash when certain vulnerability checks are
performed against the devices. If a scanner invokes a Telnet
ENVIRON option #36 before the router is ready to accept that
instruction then the device may reset itself unexpectedly. By
repeatedly testing for the vulnerability a denial of service attack
could be launched against a device, thereby blocking service to
entire networks.
its hardware may crash when certain vulnerability checks are
performed against the devices. If a scanner invokes a Telnet
ENVIRON option #36 before the router is ready to accept that
instruction then the device may reset itself unexpectedly. By
repeatedly testing for the vulnerability a denial of service attack
could be launched against a device, thereby blocking service to
entire networks.
While Cisco originally issued a bulletin on April 19 of this year,
the
defect is still causing trouble for many of the company's customers
who have not upgraded their router's software. Cisco is urging users
to perform an upgrade as soon as possible. Affected versions of the
Cisco IOS software include 11.33A, 12.0(2) up to and including
12.0(6), as well as 12.0(7) except version 12.0(7)S, 12.0(7)T, and
12.0(7)XE, which are not vulnerable. Devices affected by the defect
would include any of the following product provided they run an
affected version of the software:
defect is still causing trouble for many of the company's customers
who have not upgraded their router's software. Cisco is urging users
to perform an upgrade as soon as possible. Affected versions of the
Cisco IOS software include 11.33A, 12.0(2) up to and including
12.0(6), as well as 12.0(7) except version 12.0(7)S, 12.0(7)T, and
12.0(7)XE, which are not vulnerable. Devices affected by the defect
would include any of the following product provided they run an
affected version of the software:
AS5200, AS5300, and AS5800 series access servers
7200 and 7500 series routers
ubr7200 series cable routers
7100 series routers
3660 series routers
SC3640 System Controllers (see the explanation below)
AS5800 series Voice Gateway products
AccessPath LS-3, TS-3, and VS-3 Access Solutions products
7200 and 7500 series routers
ubr7200 series cable routers
7100 series routers
3660 series routers
SC3640 System Controllers (see the explanation below)
AS5800 series Voice Gateway products
AccessPath LS-3, TS-3, and VS-3 Access Solutions products
Links: Cisco's Bulletin CI-00.03, Cisco
Support