Cisco patches traffic snooping flaw in operating systems used by its networking gear

The vulnerability affects the OSPF routing protocol implementation on Cisco networking equipment

Cisco Systems said attackers could disrupt or intercept traffic in many of its networking products unless a new security update is applied to the software they run.

The issue affects the implementation of the Open Shortest Path First (OSPF) routing protocol and its Link State Advertisement (LSA) database in particular. This protocol is used for determining the shortest routing paths inside an Autonomous System (AS) -- a collection of routing policies for IP (Internet Protocol) addresses controlled by ISPs and large organizations.

The OSPF protocol is commonly used on large enterprise networks. It gathers link state information from available routers into a database in order to built a network topology map which is then used to determine the best route for IP traffic.

"This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic," Cisco said in a security advisory.

Exploiting the vulnerability doesn't require authentication and can be achieved remotely by sending specifically crafted OSPF LSA type 1 packets via unicast or multicast to the vulnerable device. The packets could contain false routes that would then get propagated throughout the entire OSPF AS domain.

However, the attacker does need to determine some information in advance in order to launch a successful attack, Cisco said. This information includes the network placement and IP address of the targeted router, the LSA database sequence numbers and the router ID of the OSPF Designated Router (DR).

The vulnerability affects networking devices running most versions of Cisco IOS, IOS-XE and NX-OS operating systems if they are configured for OSPF operations. It also affects the software running on the Cisco Adaptive Security Appliance (ASA), Cisco ASA Service Module (ASA-SM), Cisco Pix Firewall, Cisco Firewall Services Module (FWSM) and the Cisco ASR 5000 carrier class platform.

The Cisco advisory contains a table with the vulnerable software releases and the updates available for them, if any. Instructions for enabling OSPF authentication, which can mitigate the vulnerability, are described in a separate technical document.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitypatch managementNetworkingnetworking hardwareCisco SystemspatchesExploits / vulnerabilities

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?