SSL vulnerability could bring down Cisco LAN/WAN gear
- 18 March, 2004 08:44
Cisco Systems warns that an implementation of Secure Sockets Layer on some of its switches, routers and firewalls could leave these devices vulnerable to a denial-of-service attack.
A warning posted on Cisco's Web site Wednesday says that some hardware and software products with HTTPS servers running OpenSSL (used for management and configuration) could be brought down by an attack designed to crash the HTTPS server on the affected device. Cisco posted a software fix for the problem.
Affected products include Cisco IOS 12.1(11)E, and 12.2SY "crypto" release versions and sub-releases. Products running this IOS image could include Cisco Catalyst 6500 switches and the firewall module for the Catalyst 6500, Cisco 7100 and 7200 series routers, PIX firewalls, Content Service Switches and the MDS 9000 series storage switches and Global Site Selector 4480. Software affected by the vulnerability includes the CiscoWorks Common Services 2.2, and Management Foundation 2.1 platforms and Cisco Access Registrar, a RADIUS remote access server.
Cisco says that an attacker could exploit the OpenSSL weakness on these products by "carefully crafting" a special SSL/TSL handshake against the HTTPS server that would cause it crash. This HTTPS crash would then cause the device to reset. Performing this attack repeatedly could make the device unavailable until the problem is fixed, or the attack stops. Cisco devices using Secure Shell (SSH) for secure access are not affected by the vulnerability, the vendor says.
PIX firewall Vversion 6.0 is affected, but not Version 5.0, which doesn't support OpenSSL, Cisco says. Not all Cisco products using OpenSSL code are vulnerable to the attack either, the company adds. A complete list of OpenSSL-enabled products that are affected, and not affected, is on Cisco's Web site.