Cisco Fixes Multiple Catalyst Vulnerabilities

Cisco Catalyst 6000 and 6500 switches and Cisco 7600 series routers that have a Network Analysis Module (NAM) installed are susceptible to a Simple Network Management Protocol (SNMP) communication spoofing vulnerability, according to a Cisco advisory.

By spoofing the SNMP communication between the Catalyst system and the NAM, an attacker could take complete control of the Catalyst system, Cisco noted. The flaw affects routers that run Cisco's Internetwork Operating System (IOS) and Catalyst Operating System (CatOS).

NAMs provides integrated network traffic monitoring and analysis from local and remote switches and routers and gives insight into which applications are running and how they're performing.

Hackers are increasingly trying to access components of devices and systems that haven't been traditional attack vectors, which is likely why Cisco feels it's important to patch this type of vulnerability, said Chris Labatt-Simon, president and CEO of D&D Consulting, an Albany, N.Y.-based Cisco solution provider.

Labatt-Simon added that the modular architecture Cisco uses helps mitigate security vulnerabilities by restricting their impacts to specific components. "There are no unusual targets these days with regard to vulnerabilities: Today we have to assume that everything is fair game," he said.

Cisco issued a patch for the SNMP spoofing vulnerability and gave it a CVSS base score of 10, while Symantec Deepsight also gave it a 10.

Since its launch about seven years ago, Catalyst 6500 switches have topped $20 billion in sales, and the modules Cisco uses to integrate services such as security and VoIP into the Catalyst 6500 platform provide lower total cost of ownership, according to solution providers.

In a separate Wednesday advisory, Cisco said an attacker could trigger a denial of service attack on Catalyst 6000, 6500 and 7600 series switches and routers by sending a rigged Multi Protocol Label Switching (MPLS) packet to an affected system.

MPLS integrates Layer 2 information about network links into Layer 3 within a service provider network to boost efficiency of IP packet exchange and allow ISPs to offer more scalability and service diversity to customers.

Cisco said the flaw affects Catalyst 6000, 6500 and Cisco 7600 systems running a hybrid of CatOS on the Supervisor Engine and IOS on the Multilayer Switch Feature Card (MSFC), as well as Catalyst 6500 systems running with Cisco IOS software modularity.

Cisco gave the MPLS flaws a CVSS base score of 3.3, but Symantec Deepsight rated its severity as 6.2 on its proprietary 10-point scale.