Cisco firewalls hit again by DoS condition
Cisco is reporting “multiple vulnerabilities” in the firewall services module for its Catalyst 6500 switch and 7600 series router. Cisco issued a security advisory on the vulnerabilities.
The glitches may cause the firewall module to reload after processing crafted SunRPC or certain TCP packets. Repeated exploitation could result in a sustained Denial of Service condition, the Cisco advisory states.
The module has been susceptible to DoS vulnerabilities in the past.
Cisco also says its ASA 5500 Series Adaptive Security Appliances are affected by the SunRPC vulnerabilities. The company has issued a separate advisory on this and other ASA 5500 vulnerabilities.
The SunRPC and TCP packet vulnerabilities are independent of each other, Cisco says in the advisory. A product may be affected by one and not the other.
Cisco says the vulnerabilities were found during the troubleshooting of customer service requests and internal testing. The company issued free software updates to address them and says that workarounds are also available.
Cisco also says it is not aware of any public announcements or malicious use of the vulnerability described in this advisory.