The vulnerability affects the OSPF routing protocol implementation on Cisco networking equipment
Cisco Systems said attackers could disrupt or intercept traffic in many of its networking products unless a new security update is applied to the software they run.
The issue affects the implementation of the Open Shortest Path First (OSPF) routing protocol and its Link State Advertisement (LSA) database in particular. This protocol is used for determining the shortest routing paths inside an Autonomous System (AS) — a collection of routing policies for IP (Internet Protocol) addresses controlled by ISPs and large organizations.
The OSPF protocol is commonly used on large enterprise networks. It gathers link state information from available routers into a database in order to build a network topology map, which is then used to determine the best route for IP traffic.
“This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic,” Cisco said in a security advisory.
Exploiting the vulnerability doesn’t require authentication and can be achieved remotely by sending specifically crafted OSPF LSA type 1 packets via unicast or multicast to the vulnerable device. The packets could contain false routes that would then get propagated throughout the entire OSPF AS domain.
However, the attacker does need to determine some information in advance in order to launch a successful attack, Cisco said. This information includes the network placement and IP address of the targeted router, the LSA database sequence numbers and the router ID of the OSPF Designated Router (DR).
The vulnerability affects networking devices running most versions of Cisco IOS, IOS-XE and NX-OS operating systems if they are configured for OSPF operations. It also affects the software running on the Cisco Adaptive Security Appliance (ASA), Cisco ASA Service Module (ASA-SM), Cisco Pix Firewall, Cisco Firewall Services Module (FWSM) and the Cisco ASR 5000 carrier class platform.
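Since only devices configured for OSPF operations are affected, a first triage step is to find which saved configurations actually run an OSPF process. The script below is an added example, not code from Cisco or from the original article; the function names are hypothetical and the hostnames and sample configurations are constructed.

```python
import re

# OSPF markers in IOS / IOS-XE / ASA / NX-OS style configurations.
PROCESS_RE = re.compile(r"^router ospf (\S+)")
IFACE_RE = re.compile(r"^interface (\S+)")
# IOS: "ip ospf <pid> area <a>"; NX-OS: "ip router ospf <tag> area <a>"
IFACE_OSPF_RE = re.compile(r"^\s+ip (?:router )?ospf (\S+) area (\S+)")
NETWORK_RE = re.compile(r"^\s+network (\S+) (\S+) area (\S+)")

def ospf_exposure(config_text):
    """Return OSPF processes, network statements and OSPF-enabled interfaces."""
    found = {"processes": [], "networks": [], "interfaces": []}
    section = None  # ("router", pid) or ("interface", name) while inside a block
    for line in config_text.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line[0].isspace():  # an unindented line starts a new section
            proc, iface = PROCESS_RE.match(line), IFACE_RE.match(line)
            section = None
            if proc:
                section = ("router", proc.group(1))
                found["processes"].append(proc.group(1))
            elif iface:
                section = ("interface", iface.group(1))
        elif section and section[0] == "router":
            net = NETWORK_RE.match(line)
            if net:
                found["networks"].append((section[1],) + net.groups())
        elif section and section[0] == "interface":
            att = IFACE_OSPF_RE.match(line)
            if att:
                found["interfaces"].append((section[1],) + att.groups())
    return found

def needs_review(configs):
    """Hostnames whose config defines an OSPF process: patch these first."""
    return sorted(h for h, c in configs.items() if ospf_exposure(c)["processes"])

# Constructed sample configurations (not taken from any real device).
IOS_SAMPLE = """hostname edge-r1
interface GigabitEthernet0/0
 ip ospf 1 area 0
router ospf 1
 network 10.0.1.0 0.0.0.255 area 0
"""
STATIC_SAMPLE = """hostname branch-sw1
ip route 0.0.0.0 0.0.0.0 192.0.2.254
"""
print(needs_review({"edge-r1": IOS_SAMPLE, "branch-sw1": STATIC_SAMPLE}))
```

A device that appears in the output still has to be checked against the affected software versions in Cisco's advisory; the script only narrows the list to devices where OSPF is in use.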