Cisco Patches Serious DoS Flaws in IOS Software

Updates released by Cisco on Wednesday for its IOS and IOS XE networking software patch several denial-of-service (DoS) vulnerabilities identified by the vendor’s own employees and external researchers.

Cisco has published a total of six advisories detailing the flaws, all of which have been rated as having high severity.

According to the vendor, one of the vulnerabilities is related to the improper handling of malformed Session Initiation Protocol (SIP) messages in Cisco IOS, IOS XE and Unified Communications Manager (UCM) software. A remote, unauthenticated attacker can exploit the security hole, tracked as CVE-2016-1350, to cause a memory leak, which eventually leads to the affected device reloading.

Another DoS vulnerability affects the DHCP version 6 (DHCPv6) relay feature of Cisco IOS and IOS XE. An unauthenticated attacker can exploit this bug, identified as CVE-2016-1348, to remotely cause an affected device to reload by sending it specially crafted DHCPv6 relay messages.

IOS and IOS XE software is also plagued by a DoS vulnerability (CVE-2016-1349) that affects its Smart Install client feature. An attacker can remotely cause a device to enter a DoS condition by sending malicious Smart Install packets to TCP port 4786.

A remote attacker can cause Cisco Catalyst 6500 and 6800 series switches running IOS, and Cisco Nexus 7000 and 7700 series switches running NX-OS to reload by exploiting a vulnerability (CVE-2016-1351) in the Locator/ID Separation Protocol (LISP).

A security weakness has also been identified in the Wide Area Application Services (WAAS) Express feature of IOS. A specially crafted TCP segment routed through an affected device causes it to enter a DoS condition, Cisco said in its advisory. This vulnerability, tracked as CVE-2016-1347, can be exploited remotely by an unauthenticated hacker.

The last advisory from Cisco describes a DoS flaw in the Internet Key Exchange (IKE) version 2 fragmentation code of IOS and IOS XE. The vulnerability (CVE-2016-1344) can be exploited by sending a specially crafted UDP packet to the affected system.

Cisco says it’s not aware of any instances where these vulnerabilities have been exploited for malicious purposes.

The six security advisories published on Wednesday are part of the company’s semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. Another bundle of IOS advisories will be released in the fourth Wednesday of September.

Related: Cisco Security Products Plagued by Critical Flaw

Related: Unpatched Flaw Plagues Cisco Industrial Switches