Sunday, September 19, 2021

Flaw may leave Cisco gear vulnerable

A hardware vulnerability may cause some high-end Cisco Systems Inc. switches and routers with specific configurations to crash, but only under very specific circumstances.

According to Cisco, Catalyst 6000 and 6500 switches and Cisco 7600 routers could freeze or reset if the device encounters a Layer 3 packet that is inconsistent in size with the Layer 2 frame encapsulating it.

To be affected, routers and switches must have a Multilayer Switch Feature Card 2 (MSFC2) with a FlexWAN or Optical Services Module (OSM). Equipment with a MSFC2 card running Cisco IOS Version 12.1(8b)E14, even without FlexWAN or OSM, are also vulnerable. Cisco CatOS software is not affected.

Cisco says that a Layer 2 frame crafted to have an inconsistent size with an encapsulated Layer 3 packet, and sent repeatedly to a vulnerable device, could bring down the switch or router. For this to happen, the packet must be routed in software — hardware-routed packets would not affect the device, Cisco says.

The vulnerability can only be corrected with a software upgrade.

According to Cisco, only attack traffic sent from a node on an internal LAN could affect vulnerable switches or routers, since the specially-crafted packets would be corrected by non-vulnerable Layer 3 network devices before hitting a vulnerable switch or router.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada

Related Tech News