Flaw may leave Cisco gear vulnerable

Flaw may leave Cisco gear vulnerable

A hardware vulnerability may cause some high-end Cisco Systems switches and routers with specific configurations to crash, but only under specific circumstances.

According to Cisco, Catalyst 6000 and 6500 switches and Cisco 7600 routers could freeze or reset if the device encounters a Layer 3 packet that is inconsistent in size with the Layer 2 frame encapsulating it.

To be affected, routers and switches must have a Multilayer Switch Feature Card 2 (MSFC2) with a FlexWAN or Optical Services Module (OSM). Equipment with a MSFC2 card running Cisco IOS Version 12.1(8b)E14, even without FlexWAN or OSM, are also vulnerable. Cisco CatOS software is not affected.

Cisco says that a Layer 2 frame crafted to have an inconsistent size with an encapsulated Layer 3 packet, and sent repeatedly to a vulnerable device, could bring down the switch or router. For this to happen, the packet must be routed in software - hardware-routed packets would not affect the device, Cisco says.

The vulnerability can only be corrected with a software upgrade.

According to Cisco, only attack traffic sent from a node on an internal LAN could affect vulnerable switches or routers, since the specially-crafted packets would be corrected by non-vulnerable Layer 3 network devices before hitting a vulnerable switch or router.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments