Cisco warns of IOS flaw

Security vulnerability could allow an attacker to disable remote administration access

Cisco Systems Inc. warned of another security vulnerability in its products last week, one that could allow an attacker to disable remote administration access to a Cisco device running IOS.

The vendor says that a string of specially crafted TCP packets sent to a port 25 telnet connection, or reverse telnet port, on an IOS-based Cisco router or switch could block all telnet, Remote Shell (RSH), Secure Shell (SSH) and HTTP access to the device. Telnet, reverse telnet (a method for telnet access to multiple devices), RSH, SSH and HTTP connections made before an attack would still be intact, Cisco says.

Cisco says that packet forwarding and routing services of the attacked devices would not be affected, but the attack would block net managers' ability to administer or configure the device. This would require them to take the switch or router down to make configuration changes.

Cisco says it will provide an IOS software fix for the vulnerability. The vendor says users can work around the problem by disabling telnet and keeping SSH open for remote management.
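To check whether a device already follows the workaround described above, the following added example (not from the article or from Cisco) scans an IOS configuration for `line vty` sections that still accept telnet. The sample configuration is constructed, the function name is hypothetical, and treating a vty section with no `transport input` statement as telnet-enabled is an assumption that can be switched off.

```python
import re

# Constructed sample running-config (not taken from the article).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
line con 0
 exec-timeout 5 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
end
"""

TELNET_TOKENS = {"telnet", "all"}  # 'transport input' values that admit telnet


def audit_vty(config, assume_default_allows_telnet=True):
    """Return [(vty_header, reason)] for vty sections that accept telnet."""
    findings = []
    header, transports = None, None

    def close_section():
        if header is None:
            return
        if transports is None:
            # Assumption: no explicit statement means telnet is accepted.
            if assume_default_allows_telnet:
                findings.append((header, "no 'transport input' set"))
        elif TELNET_TOKENS & set(transports):
            findings.append((header, "transport input " + " ".join(transports)))

    for raw in config.splitlines():
        if raw.startswith("line vty"):
            close_section()
            header, transports = raw.strip(), None
        elif header and raw.startswith(" "):
            m = re.match(r"\s+transport input\s+(.+)", raw)
            if m:
                transports = m.group(1).split()
        else:  # any other top-level line ends the current vty section
            close_section()
            header, transports = None, None
    close_section()
    return findings
```

A section is clean only when it carries an explicit `transport input ssh`; an empty result from `audit_vty` means every vty line in the file does.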

The vulnerability is the second one reported by Cisco this week, after it notified users that two of its Access Control Server products could be compromised via denial-of-service attacks or by unauthorized log-in attempts.

This story, "Cisco warns of IOS flaw," was originally published by Network World.