A software vulnerability in some Cisco routers and switches could allow an attacker to cause the devices to hang, the vendor warned this week.
Devices running the IOS 12.2S release train, together with the DHCP server and DHCP relay functions they provide, can be made unavailable if an attacker floods the device with specially crafted DHCP packets, Cisco says. The vendor warns that a device may be vulnerable even if neither the DHCP service nor the DHCP relay service has been explicitly configured on it.
The problem lies in how the software handles malformed DHCP packets. If an attacker sends irregular DHCP packets meant to confuse the device, the packets "will remain in the queue instead of being dropped," according to a Cisco advisory. "If a number of packets are sent that equal the size of the input queue, no more traffic will be accepted on that interface." Once the input queue is full, the device stops routing or switching the packets that arrive on that interface.
DHCP service is enabled by default in IOS software, Cisco says. This means a router or switch may be vulnerable even if the device is not being used to provide DHCP services on a network. Because IOS does not display default settings in the running configuration, the line "no service dhcp" appears only when the service has been explicitly disabled; to ensure that a device is not vulnerable, "no service dhcp" must appear in the device's configuration display, Cisco says.
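The check Cisco describes is easy to script across a fleet. The following is an added example, not code from Cisco or from the advisory: it reads the text of "show version" and "show running-config" for a device and reports whether both conditions in the article hold, namely that the image is from the 12.2S family and that "no service dhcp" is absent. The device names and the "show" output are constructed samples, and the rule used to recognise the 12.2S family (a 12.2 release whose train letters, the suffix after the parenthesised maintenance number, begin with "S") is an assumption made for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Tuple

# Added example (not Cisco's code). Assumption: the "12.2S branch" is recognised
# as a 12.2 release whose train letters, the suffix after the parenthesised
# maintenance number (e.g. "S" in 12.2(25)S or "SXD" in 12.2(18)SXD), begin with "S".

# Matches the version field in "show version" output, e.g. "Version 12.2(18)SXD,".
VERSION_RE = re.compile(r"Version\s+(\d+)\.(\d+)\((\d+)\)([A-Za-z]*)")


@dataclass
class Assessment:
    version: str                  # normalised, e.g. "12.2(25)S"
    in_12_2s_family: bool         # image comes from the 12.2S train family
    dhcp_service_disabled: bool   # "no service dhcp" present in running-config

    @property
    def vulnerable(self) -> bool:
        # Both conditions from the article must hold: an affected train and the
        # DHCP service still at its default (enabled) setting.
        return self.in_12_2s_family and not self.dhcp_service_disabled


def parse_version(show_version: str) -> Tuple[int, int, int, str]:
    """Return (major, minor, maintenance, train) from 'show version' text."""
    m = VERSION_RE.search(show_version)
    if m is None:
        raise ValueError("no IOS version string found in 'show version' output")
    major, minor, maint, train = m.groups()
    return int(major), int(minor), int(maint), train.upper()


def is_12_2s_family(major: int, minor: int, train: str) -> bool:
    return (major, minor) == (12, 2) and train.startswith("S")


def dhcp_service_disabled(running_config: str) -> bool:
    """True only if an administrator has explicitly turned the service off.

    IOS omits default settings from the running configuration, so DHCP being
    enabled (the default) leaves no line at all; only the explicit override
    'no service dhcp' shows up.
    """
    return any(line.strip() == "no service dhcp" for line in running_config.splitlines())


def assess(show_version: str, running_config: str) -> Assessment:
    major, minor, maint, train = parse_version(show_version)
    return Assessment(
        version=f"{major}.{minor}({maint}){train}",
        in_12_2s_family=is_12_2s_family(major, minor, train),
        dhcp_service_disabled=dhcp_service_disabled(running_config),
    )


# Constructed sample output (hypothetical devices), mimicking the relevant lines
# of 'show version' and 'show running-config'.
SAMPLES: Dict[str, Tuple[str, str]] = {
    "core-7206": (
        "Cisco Internetwork Operating System Software\n"
        "IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(25)S, RELEASE SOFTWARE (fc1)\n",
        "hostname core-7206\n!\ninterface GigabitEthernet0/1\n ip address 10.0.0.1 255.255.255.0\n",
    ),
    "dist-6509": (
        "Cisco Internetwork Operating System Software\n"
        "IOS (tm) s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(18)SXD, RELEASE SOFTWARE (fc1)\n",
        "hostname dist-6509\n!\nno service dhcp\n!\ninterface Vlan10\n ip address 10.10.0.1 255.255.255.0\n",
    ),
    "branch-2651xm": (
        "Cisco Internetwork Operating System Software\n"
        "IOS (tm) C2600 Software (C2600-IS-M), Version 12.3(4)T, RELEASE SOFTWARE (fc1)\n",
        "hostname branch-2651xm\n!\ninterface FastEthernet0/0\n ip helper-address 10.0.0.50\n",
    ),
}


def audit(samples: Dict[str, Tuple[str, str]] = SAMPLES) -> Dict[str, Assessment]:
    """Map device name -> Assessment for every sample."""
    return {name: assess(ver, cfg) for name, (ver, cfg) in samples.items()}


if __name__ == "__main__":
    for name, a in audit().items():
        state = "VULNERABLE" if a.vulnerable else "not affected"
        print(f"{name:15} {a.version:14} no-service-dhcp={str(a.dhcp_service_disabled):5} {state}")
```

In the samples, "core-7206" runs 12.2(25)S with the default DHCP setting and is flagged; "dist-6509" runs 12.2(18)SXD but carries "no service dhcp" and is not; "branch-2651xm" runs a 12.3T image and falls outside the affected family. Note that "no service dhcp" disables the relay agent as well as the server, so a device that forwards client requests with ip helper-address (as in the third sample) needs the fixed software rather than the configuration workaround.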
Affected routers and switches include:
- 7200, 7300 and 7500 routers
- 2650, 2651, 2650XM and 2651XM Multiservice platforms
- ONS15530 and ONS15540 optical platforms
- Catalyst 4000 switches with Sup2plus, Sup3, Sup4 and Sup5 modules
- Catalyst 4500 switches with Sup2Plus TS modules
- Catalyst 4948, 2970, 3560, and 3750 switches
- Catalyst 6000 switches with Sup2/MSFC2 and Sup720/MSFC3 modules
- 7600 routers with Sup2/MSFC2 and Sup720/MSFC3 modules
These devices must be running a branch of IOS version 12.2S to be considered vulnerable.
Cisco is offering a free software fix for customers who want to keep using affected Cisco devices for DHCP services. Customers who do not need the device to act as a DHCP server or relay can instead disable the service so that "no service dhcp" appears in the configuration.