Cisco over the past week has announced a series of vulnerabilities in multiple products. Most are denial-of-service issues, while two additional problems could allow improper authentication.
The advisory,Cisco Telnet Denial of Service Vulnerability ,” describes a potential denial of new connections on a series of network services, specifically “telnet, reverse telnet, RSH [Remote Shell], SSH [Secure Shell], and in some cases HTTP [Hypertext Transport Protocol]” on devices running Cisco’s IOS operating system.
The condition is caused by a specially crafted TCP connection to the device using telnet or reverse telnet. Only new connections are affected. Existing communications over the affected protocols, as well as other services, are not affected. Secunia rates the vulnerability as “less critical.”
Cisco has not yet provided fixes or updated versions for this problem.
The second advisory, describing Multiple Vulnerabilities in Cisco Secure Access Control Server, is also rated by Secunia as “less critical.”Cisco’s ACS (Access Control Server) products “provide authentication, authorization and accounting [AAA] services to network devices.” Cisco Secure ACS for Unix is not affected.The advisory describes five bugs affecting different versions of the products. Three of the bugs involve denial-of-service attacks. A TCP connection flood against the Web-based management interface on port 2002 could lead to a denial of service for new connections on that port and instability in other authentication services on the device.
Another denial of service comes from a crash of the ACS when it is configured as a LEAP (Light Extensible Authentication Protocol) RADIUS Proxy. A reboot is required to clear these errors.