Cisco Reports Critical Vulnerability

Cisco Systems has warned its customers about a handful of security vulnerabilities in one of its networking hardware product lines that researchers said could leave the devices open to attack.

The networking giant reported the presence of five individual flaws in its Cisco Optical Networking System 15000 Series in a bulletin issued to customers. Cisco also distributed an updated version of the ONS 15000 Series operating system to end users that it said addresses the problems.

Security researcher Secunia said the issue represents a highly critical vulnerability in the networking gear. If exploited, the issue could allow outsiders to launch denial-of-service attacks on the systems or compromise their management controls, the company said.

However, Secunia indicated that the conditions that would be necessary for the devices to be compromised, which would need to involve direct attacks on individuals who have administration permissions on the systems, should limit any potential fallout from the vulnerability. The company has not received reports of any attempts to take advantage of the issue.

“It certainly is a serious threat, but given the amount of information available from Cisco you would think there would only be an extremely limited number of vulnerable systems,” said Thomas Kristensen, chief technology officer at Secunia. “Most people should have patches in place before there are any exploits.”

Cisco specifically reported a problem with the Transport Controller software in the ONS 15000 Series devices’ operating system that it said could allow for remote access. As a result, Secunia said that multiple services in the OS are vulnerable to attacks that could use invalid commands to exhaust the machines’ memory resources, fail to respond to further connections or reset.

Another glitch identified by Cisco involves what it labeled an error within the OS software’s processing of IP packets. Secunia said that flaw could be used to reset the devices’ control cards with a specially crafted IP packet. A third problem highlighted by the security company hinges on a separate IP Packet handling issue causing the same results.

The fourth glitch involves the processing of so-called OSPF (open shortest path first) packets, which could be exploited to reset the control cards by sending a specially crafted OSPF packet to the involved system.

The networking company said that a fifth vulnerability exists within its CTC (Cisco Transport Controller) applet launcher, which is downloaded each time a systems administrator connects to the devices’ optical nodes. That issue could be used to execute arbitrary code on a workstation running CTC if it is used to connect to a malicious Web site running Java code, according to Secunia.

Check out eWEEK.com’s for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.