SAN JOSE, CA – In a security advisory issued Wednesday, Cisco Systems reported a vulnerability in their Internetwork Operating System, which could be exploited to run code remotely on devices that the IOS.“The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition,” the company states in the summary of the advisory.
The advisory warns that successful exploitation of the vulnerability “may result in a reload of the device or execution of arbitrary code. Repeated exploitation could result in a sustained DoS attack or execution of arbitrary code on Cisco IOS devices.”
Cisco’s announcement lead security software vendor Symantec to heighten its “ThreatCon” global threat index to Level 2, meaning an attack is “expected.”
“Given the recent attention to exploitation of vulnerabilities in Cisco’s IOS it is possible that this issue will see attempts at exploit development in the near term,” Symantec stated in an advisory. Both Symantec and Cisco have said that there are no known exploits or attacks taking advantage of the vulnerability currently, however.
According to Cisco’s advisory, the vulnerability does not affect all versions of their IOS, and the flaw only exists if the Firewall Authentication Proxy for FTP and Telnet Sessions is in use. Cisco lists the devices affected as those running IOS versions 12.2ZH, 12.2ZL, 12.3, 12.3T, 12.4 and 12.4T.
Cisco has made upgraded software available that patches the problem. Symantec has advised users who can’t install the patch immediately to disable the Firewall Authentication Proxy for FTP and Telnet Sessions, or limit access to the service to trusted hosts and networks.
For the full text of Cisco’s security advisory, go to cisco.com.
