Cisco switch flaw could affect management

A flaw in Cisco’s CatOS, which runs on Cisco Catalyst switches, could freeze TCP-based management services on the switch. A fix is available from Cisco’s Web site.

The vulnerability could allow an attacker to disable some management interfaces to a Catalyst switch. The flaw cannot be exploited to affect basic packet switching, according to the BugTraq security alert mailing list.

Upon receiving eight non-standard TCP flags (a series of send/receive messages involved in a standard TCP handshake), a Catalyst switch running CatOS will stop responding to TCP requests, according to Cisco and BugTraq. This will disable TCP services - such as Telnet, HTTP and Secure Sockets Layer (SSL) - on the box until it is rebooted. This would prevent a user from accessing the switch’s management interface via a Web GUI or Telnet command-line interface.

SNMP is not affected by the flaw and could still be used to access a compromised switch.

Switches affected by the CatOS flaw include Catalyst 4000, 5000 and 6000 switches. Cisco and Bug Traq said that only Catalyst chassis running CatOS, and not IOS software, are affected.

CatOS is Cisco’s base operating system software for its Catalyst switches - the most widely used LAN equipment in the market, according to many research firms. The software provides basic functions and services for LAN switches, such as quality of service, management and port configuration. Catalyst switches can also run Cisco’s IOS software to support more advanced services, such as routing, voice over IP support and other features.