SSL vulnerability could bring down Cisco LAN/WAN gear

Cisco Systems Inc. warned that an implementation of Secure Sockets Layer on some of its switches, routers and firewalls could leave these devices vulnerable to a denial-of-service attack.

A warning posted on Cisco’s Web site Wednesday says that some hardware and software products with HTTPS servers running OpenSSL (used for management and configuration) could be brought down by an attack designed to crash the HTTPS server on the affected device. Cisco posted a software fix for the problem.

Affected products include Cisco IOS 12.1(11)E, and 12.2SY “crypto” release versions and sub-releases. Products running this IOS image could include Cisco Catalyst 6500 switches and the firewall module for the Catalyst 6500, Cisco 7100 and 7200 series routers, PIX firewalls, Content Service Switches and the MDS 9000 series storage switches and Global Site Selector 4480. Software affected by the vulnerability includes the CiscoWorks Common Services 2.2, and Management Foundation 2.1 platforms and Cisco Access Registrar, a RADIUS remote access server.

Cisco said that an attacker could exploit the OpenSSL weakness on these products by “carefully crafting” a special SSL/TSL handshake against the HTTPS server that would cause it crash. This HTTPS crash would then cause the device to reset. Performing this attack repeatedly could make the device unavailable until the problem is fixed, or the attack stops. Cisco devices using Secure Shell (SSH) for secure access are not affected by the vulnerability, the vendor said.

PIX firewall Vversion 6.0 is affected, but not Version 5.0, which doesn’t support OpenSSL, Cisco said. Not all Cisco products using OpenSSL code are vulnerable to the attack either, the company added. A complete list of OpenSSL-enabled products that are affected, and not affected, is on Cisco’s Web site.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now