Cisco IOS gets fixes for 12 DoS bugs

SearchSecurity.in Staff

Cisco released its semi-annual IOS software security advisory bundled publication last week as part of its bi-annual patch release. This IOS patch update includes nine security advisories that cover a total of 13 vulnerabilities, 12 of which are DoS vulnerabilities.

The last major IOS patch was released by Cisco in September 2011. These advisories address vulnerabilities in different components of Cisco’s IOS framework, with all the vulnerabilities having a CVSS base score between 7.1 and 8.5. The highest-scoring vulnerability, at 8.5, is a command authorization bypass bug in IOS, which may allow arbitrary command execution from a remote application or device while using authentication, authorization and accounting (AAA) authorization.

The Cisco IOS Software Zone-Based Firewall suffers from four DoS vulnerabilities that have been patched. All four have a CVSS score of 7.8, and involve the H.323 inspection engine (firewall HTTP inspection engine), a bug triggered by crafted IP packets, and a Session Initiation Protocol engine issue.

Other DoS vulnerabilities are present in the following IOS software components:

The consolidated advisory is available here. Cisco’s IOS software checker tool can be used to check if a particular IOS software release is vulnerable. This tool does not support IOS XE and interim builds of the IOS platform.