Cisco Provides Details On IOS Vulnerability
The flaw affects Cisco IOS running on the Cisco IAD2400 series Integrated Access Device (IAD), 1900 Series Mobile Wireless Edge Routers, and Cisco VG224 Analog Phone Gateways, according to a Cisco advisory issued Wednesday.
These devices are affected by a configuration error related to the Data Over Cable Service Interface Specification (DOCSIS), which defines interface requirements for high speed cable modems in cable television system networks. The vulnerability can allow an additional read-write string to be enabled for devices that are configured to manage the Simple Network Management Protocol (SNMP), which can be leveraged by attackers to gain complete control over systems, according to the advisory.
SNMP is an application layer protocol that allows network devices to exchange information, making it easier for network administrators to manage network performance, identify and fix problems, and coordinate expansion of the network.
Chris Labatt-Simon, president and CEO of D&D Consulting, an Albany, N.Y.-based solution provider, says the vulnerability shouldn't exist in non-cable devices and is more of an issue with the security of the DOCSIS standard, which mandates the existence of the access method that attackers could use to exploit the flaw.
"I don't understand what [the access method] is doing in a device that doesn't need to be DOCSIS compliant, but these are the types of security problems that exist as the result of trying to maintain monolithic legacy code," said Labatt-Simon.
Symantec's Deepsight Threat Management System rated the severity of the flaw as 10 on a scale of 10. Others saw it as less serious: The French Security Incident Response Team rated it "high risk", or 3 on a four point scale, while Secunia rated it as moderately critical, or 3 on a 5 point scale.