
CERT-In Advisory CIAD-2007-55
Multiple Vulnerabilities in Firewall Services Module

Original issue date: October 24, 2007

Severity Rating: High

Systems Affected

  • FWSM software versions 3.1(5) and 3.2(1), if the
    HTTPS server on the FWSM is enabled.

Overview

Multiple vulnerabilities exist in the Cisco Firewall Services Module (FWSM) that may cause the FWSM to reload. These vulnerabilities can be triggered by specially crafted packets during the processing of HTTPS requests or Media Gateway Control Protocol (MGCP) packets. Repeated exploitation can result in a denial of service (DoS) condition.

Another vulnerability may cause access control list (ACL) entries to become corrupted after the access list has been manipulated.

Description

Media Gateway Control Protocol (MGCP) is a protocol used within a Cisco Voice over IP system. The Cisco Firewall Services Module (FWSM) is a high-speed, integrated firewall module for Cisco Catalyst 6500 switches and Cisco 7600 Series routers. This advisory addresses FWSM reloads that occur when the device processes crafted HTTPS requests or crafted MGCP packets, as well as access-list corruption.

1. Crafted HTTPS Request: An FWSM that has the HTTPS server enabled may reload if it processes a crafted HTTPS request. The HTTPS server is disabled by default.

2. Crafted MGCP Packet: An FWSM that has the MGCP application layer protocol inspection feature enabled may reload when the device processes a crafted MGCP packet.

3. Manipulation of ACL May Cause ACL Corruption: Because of this vulnerability, an ACL may become corrupted after it has been manipulated.
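
An added example, not part of the advisory or any vendor tooling: a Python check that reads saved `show version` and `show running-config` text and reports whether the conditions listed above apply to a device. The `FWSM Firewall Version` banner and the `http server enable` and `inspect mgcp` command spellings are assumed from FWSM CLI conventions, and the sample text is constructed.

```python
import re

# Releases named under "Systems Affected" for the HTTPS issue in this advisory.
HTTPS_AFFECTED = {"3.1(5)", "3.2(1)"}
VERSION_RE = re.compile(r"^FWSM Firewall Version\s+(\S+)", re.M)


def audit_fwsm(show_version: str, running_config: str) -> dict:
    """Report which of the advisory's conditions hold for one device."""
    m = VERSION_RE.search(show_version)
    version = m.group(1) if m else None
    lines = [ln.strip() for ln in running_config.splitlines()]
    # Match from the start of the line so "no http server enable" is not
    # counted as enabled (the HTTPS server is disabled by default).
    https_on = any(ln.startswith("http server enable") for ln in lines)
    mgcp_on = any(ln == "inspect mgcp" or ln.startswith("inspect mgcp ")
                  for ln in lines)
    return {
        "version": version,
        # Issue 1: listed release AND HTTPS server enabled.
        "https_reload_exposed": https_on and version in HTTPS_AFFECTED,
        # Issue 2: the page gives no release list for MGCP, so only the
        # precondition is reported; check releases against the vendor notice.
        "mgcp_inspection_enabled": mgcp_on,
    }


# Constructed sample input, not captured from a real device.
SAMPLE_VERSION = "FWSM Firewall Version 3.1(5)\n"
SAMPLE_CONFIG = """hostname fwsm-lab
http server enable
http 192.0.2.0 255.255.255.0 inside
policy-map global_policy
 class inspection_default
  inspect mgcp
"""

if __name__ == "__main__":
    print(audit_fwsm(SAMPLE_VERSION, SAMPLE_CONFIG))
```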

Workaround

Use appropriate access lists.

Vendor Information

Cisco
http://www.cisco.com/warp/public/707/cisco-sa-20071017-wsm.shtml

References

SecurityFocus
http://www.securityfocus.com/archive/1/482436  

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003