CERT-In Advisory CIAD-2007-28
Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets

Original issue date: May 28, 2007

Severity Rating: High

System Affected

  • All Cisco IOS with enabled SSL protocol

Overview

Cisco IOS is affected by the following vulnerabilities:

  • Processing ClientHello messages
  • Processing ChangeCipherSpec messages
  • Processing Finished messages

A remote attacker can exploit these vulnerabilities without authentication and without user interaction. Processing malformed Secure Sockets Layer (SSL) packets may lead to a sustained Denial-of-Service (DoS) on the Cisco IOS device. Successful repeated exploitation of any of these vulnerabilities may crash the device.

Description

The following application layer protocols in Cisco IOS use SSL:

  • Hyper Text Transfer Protocol over SSL (HTTPS). This is the most commonly used protocol that employs SSL.
  • Cisco Network Security (CNS) Agent with SSL support
  • Firewall Support of HTTPS Authentication Proxy
  • Cisco IOS Clientless SSL VPN (WebVPN) support

The SSL protocol is used to make a secure connection between two hosts. An attacker can trigger these vulnerabilities remotely after establishing a TCP connection, and can terminate an existing session by sending a TCP RST. The attacker could then wait for a new SSL session to be established and inject malicious packets at the beginning of the new SSL session. In the sequence of malformed messages, the ClientHello is sent first. After the ClientHello and ServerHello messages have been exchanged, the ChangeCipherSpec message is sent. Finally, the Finished message is sent.

Workarounds

  • To prevent the vulnerability, disable the affected service.
  • These vulnerabilities can be mitigated by preventing unauthorized hosts from accessing the affected devices.
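
Both workarounds can be checked offline against a saved running-config. The script below is an added example, not part of the CERT-In or Cisco advisory; it covers only the HTTPS server and assumes the IOS commands `ip http secure-server` and `ip http access-class <number>` with numbered standard ACLs. The sample configuration is constructed.

```python
import re

# Constructed sample running-config (not taken from the advisory).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ip http server
ip http secure-server
ip http access-class 10
access-list 10 permit 192.0.2.10
access-list 10 permit 198.51.100.0 0.0.0.255
access-list 20 permit any
"""

def _is_any(src: str) -> bool:
    """True when a standard ACL source matches every host."""
    parts = src.split()
    return parts[0] == "any" or parts[:2] == ["0.0.0.0", "255.255.255.255"]

def audit_https(config: str) -> dict:
    """Check both workarounds for the HTTPS server in a running-config text.
    Assumption: numbered standard ACLs only; named ACLs are not parsed."""
    lines = [ln.strip() for ln in config.splitlines()]
    # fullmatch keeps 'no ip http secure-server' from counting as enabled.
    enabled = any(re.fullmatch(r"ip http secure-server", ln) for ln in lines)
    acl_id = None
    for ln in lines:
        hit = re.fullmatch(r"ip http access-class (\d+)", ln)
        if hit:
            acl_id = hit.group(1)
    entries = []
    if acl_id is not None:
        pat = re.compile(rf"access-list {acl_id} (permit|deny) (.+)")
        entries = [m.groups() for ln in lines if (m := pat.fullmatch(ln))]
    if not enabled:
        finding = "ok: HTTPS server disabled"
    elif acl_id is None:
        finding = "exposed: HTTPS server enabled with no access-class"
    elif not entries:
        finding = f"review: ACL {acl_id} is not defined in this config"
    elif any(act == "permit" and _is_any(src) for act, src in entries):
        finding = f"exposed: ACL {acl_id} permits any source"
    else:
        finding = f"restricted: ACL {acl_id} limits HTTPS clients"
    return {"https_enabled": enabled, "acl": acl_id, "finding": finding}

if __name__ == "__main__":
    print(audit_https(SAMPLE_CONFIG))
```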

Vendor Information

Cisco
http://www.cisco.com/warp/public/707/cisco-air-20070522-SSL.shtml

References

SANS
http://isc.sans.org/diary.html?storyid=2835

US-CERT
http://www.us-cert.gov/current/index.html#cisco_releases_security_advisory_to3

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003