Cisco IOS gets fixes for 12 DoS bugs

SearchSecurity.in Staff

Cisco released its semi-annual IOS software security advisory bundled publication last week as part of its bi-annual patch release. This IOS patch update includes nine security advisories that cover a total of 13 vulnerabilities, 12 of which are DoS vulnerabilities.

The last major IOS patch was released by Cisco in September 2011. These advisories address vulnerabilities in different components of Cisco’s IOS framework, with all the vulnerabilities carrying a CVSS base score between 7.1 and 8.5. The highest-scoring vulnerability, at 8.5, is a command authorization bypass bug in IOS, which may allow arbitrary command execution from a remote application or device while using authentication, authorization and accounting (AAA) authorization.

Four DoS vulnerabilities in the Cisco IOS Software Zone-Based Firewall have been patched. All four have a CVSS score of 7.8, and involve the H.323 inspection engine (firewall HTTP inspection engine), a bug triggered by crafted IP packets, and a session initiation protocol (SIP) engine issue.

Other DoS vulnerabilities are present in the following IOS software components:

The consolidated advisory is available here. Cisco’s IOS software checker tool can be used to check if a particular IOS software release is vulnerable. This tool does not support IOS XE and interim builds of the IOS platform.