Cisco Warns Of Vulnerabilities In IOS XR Software


Cisco this week issued several new security advisories covering its Content Delivery System Internet Streamer, the Web management interfaces of two small-business router lines, its IOS XR Software platform and the Shared Port Adapters used on IOS XR-based 12000 Series routers.

The updates, dated May 25, are the most recent batch from Cisco since warning users of vulnerabilities in its Unified Communications Manager and wireless LAN controllers in late April.

The updates detail several new vulnerabilities. According to Cisco, the Internet Streamer application, part of its Content Delivery System, has a flaw in its Web server component that causes the Web server to crash when it processes specially crafted URLs. Cisco has issued a free software update to address it; no workarounds are available. The vulnerability affects Internet Streamer system software version 2.5.7 and later.

Cisco also disclosed vulnerabilities in its RVS4000 four-port Gigabit Security Routers and WRVS4400N Wireless-N Gigabit Security Routers which, according to Cisco, have "several Web interface vulnerabilities that can be exploited by a remote, unauthenticated user." Cisco released updated software for each; the affected models are the Cisco RVS4000 Gigabit Security Router v1 and v2 and the Cisco WRVS4400N Wireless-N Gigabit Security Router v1, v1.1 and v2. Cisco noted that v1 and v1.1 of the WRVS4400N had previously reached end-of-life and that the company will not release further firmware updates for either.

Also disclosed this week were vulnerabilities in Cisco IOS XR Software releases 3.8.3, 3.8.4 and 3.9.1 that an unauthenticated, remote user can trigger by sending specific IPv4 packets to or through an affected device. Doing so, Cisco noted, could cause the NetIO process to restart and could force the Cisco CRS Modular Services Card (MSC) on a Cisco Carrier Routing System (CRS), or a line card on a Cisco 12000 Series Router or Cisco ASR 9000 Series Aggregation Services Router, to reload. Cisco is releasing free Software Maintenance Units to address the problems, which affect any device running those releases of Cisco IOS XR Software with an IPv4 address configured on an interface of a Cisco line card or Cisco CRS MSC.

There are more headaches for Cisco IOS XR Software, Cisco said, specifically in releases 3.9.0, 3.9.1, 3.9.2, 4.0.0, 4.0.1, 4.0.2 and 4.1.0. All are affected by a vulnerability through which an unauthenticated, remote user could trigger a reload of a Shared Port Adapter (SPA) interface processor by sending specific IPv4 packets to an affected device. As with the previous advisory, Cisco has released free Software Maintenance Units. The vulnerability affects any device running one of those IOS XR releases with a SPA interface processor installed.

The last of Cisco's May 25 updates addresses a denial of service (DoS) vulnerability in the SSH application of Cisco IOS XR Software that applies only when SSH version 1 is used. According to Cisco, sshd_lock files are not removed after use and eventually consume all available space in the /tmp filesystem. Cisco has released free software updates; the issue affects all unfixed versions of Cisco IOS XR Software on devices configured to accept SSHv1 connections.
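The three IOS XR advisories above share the same triage question for an operator: does this device run an affected release, and does its configuration leave the affected code path reachable? The script below is an added example, not code from the article or from Cisco. It takes the text of `show version` and the running configuration (both constructed here, not captured from a real router) and reports which of the three advisories the device plausibly matches. The affected release lists come from the article; the `show version` banner format and the behaviour of `ssh server v2` (restricting the IOS XR SSH server to protocol version 2) are assumptions, and the presence of a SPA is not verified.

```python
"""Triage the three IOS XR advisories described above against one device.

Added example; not code from the article or from Cisco.  Inputs are the text
of `show version` and the running configuration, both constructed below.

Facts taken from the article:
  * NetIO restart / card reload: releases 3.8.3, 3.8.4, 3.9.1, with an IPv4
    address configured on an interface.
  * SPA interface processor reload: releases 3.9.0-3.9.2, 4.0.0-4.0.2, 4.1.0,
    with a SPA installed (hardware presence is NOT checked here).
  * sshd_lock /tmp exhaustion: every unfixed release that accepts SSHv1.

Assumptions (not stated in the article):
  * `show version` contains "Cisco IOS XR Software, Version X.Y.Z".
  * In IOS XR, `ssh server` (or `ssh server vrf <name>`) enables the SSH
    server for v1 and v2, and `ssh server v2` restricts it to v2 only.
"""
import re
from typing import Dict, Optional

NETIO_AFFECTED = {"3.8.3", "3.8.4", "3.9.1"}
SPA_AFFECTED = {"3.9.0", "3.9.1", "3.9.2", "4.0.0", "4.0.1", "4.0.2", "4.1.0"}

VERSION_RE = re.compile(r"Cisco IOS XR Software,\s*Version\s+(\d+\.\d+\.\d+)")
SSH_ENABLE_RE = re.compile(r"^ssh server(?: vrf \S+)?$")
IPV4_ADDR_RE = re.compile(r"^\s+ipv4 address\s+\d", re.MULTILINE)


def parse_xr_version(show_version: str) -> Optional[str]:
    """Extract the X.Y.Z release from a show version banner, or None."""
    m = VERSION_RE.search(show_version)
    return m.group(1) if m else None


def has_ipv4_interface(running_config: str) -> bool:
    """True if any interface stanza carries an `ipv4 address` line."""
    return IPV4_ADDR_RE.search(running_config) is not None


def accepts_sshv1(running_config: str) -> bool:
    """True if the SSH server is enabled and not pinned to protocol v2."""
    lines = [line.strip() for line in running_config.splitlines()]
    enabled = any(SSH_ENABLE_RE.match(line) for line in lines)
    v2_only = "ssh server v2" in lines
    return enabled and not v2_only


def triage(show_version: str, running_config: str) -> Dict[str, object]:
    """Map each advisory to whether this device plausibly matches it."""
    version = parse_xr_version(show_version)
    return {
        "version": version,
        "netio_ipv4_dos": version in NETIO_AFFECTED
        and has_ipv4_interface(running_config),
        "spa_ipv4_dos": version in SPA_AFFECTED,  # SPA presence not verified
        "sshv1_tmp_exhaustion": accepts_sshv1(running_config),
    }


# Constructed sample input (not captured from a real router).
SHOW_VERSION = (
    "Cisco IOS XR Software, Version 3.9.1[00]\n"
    "Copyright (c) 2010 by Cisco Systems, Inc.\n"
)

RUNNING_CONFIG = """\
hostname xr-edge-1
interface GigabitEthernet0/0/0/0
 ipv4 address 192.0.2.1 255.255.255.252
!
ssh server
ssh server vrf default
ssh timeout 60
end
"""

# Same config with the SSH server restricted to v2, so SSHv1 clients
# can no longer reach the sshd_lock code path.
HARDENED_CONFIG = RUNNING_CONFIG.replace(
    "ssh server vrf default\n", "ssh server v2\nssh server vrf default\n"
)

if __name__ == "__main__":
    for label, cfg in (("as found", RUNNING_CONFIG), ("v2 only", HARDENED_CONFIG)):
        print(label, triage(SHOW_VERSION, cfg))
```

Run against the constructed 3.9.1 device, the script flags all three advisories; with `ssh server v2` added it still flags the two IPv4 packet issues (which only the Software Maintenance Units fix) but clears the SSHv1 one. Because the version and SSH checks are independent, the SSH result is meaningful on any release, matching the article's statement that every unfixed version accepting SSHv1 is affected.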