Cisco ASR 5000 series router vulnerability allows remote attackers to cause DoS
A vulnerability was reported in Cisco ASR 5000 and 5500 series routers that allows an unauthenticated remote attacker to conduct a denial of service (DoS) attack by sending specially crafted Internet Key Exchange (IKE) messages.
Cisco ASR 5000/5500 series routers are popular devices that provide a single Multimedia Core Platform for common services across Wi-Fi, 3G, 4G packet core and small cells. These devices run the StarOS operating system, a customized, real-time version of Linux that provides a robust and highly flexible operating environment.
The vulnerability, which exists in the IPsec component of StarOS for Cisco ASR 5000 Series routers, allows attackers to trigger a reload of the ipsecmgr service due to improper processing of Internet Key Exchange (IKE) messages. A reload of this service terminates all IPsec VPN tunnels and prevents new VPN tunnels from being established until the service has restarted. Thus, successful exploitation of the vulnerability leads to denial of service.
This vulnerability affects Cisco ASR 5000/5500 Series routers with software release 20.0.0, 20.1.0, 20.2.0, 20.2.3, 20.2.v1, 21.0.0 and 21.0.M0.64246. It also affects Cisco Virtualized Packet Core (VPC).
How to fix the vulnerability?
The good news is that the vendor has issued fixed software releases. You can download the fixed releases using the Cisco Bug Search Tool. All you have to do is search for Bug ID CSCva13631.
As a final note, the vulnerability is uniquely identified as CVE-2016-6466 and has also been confirmed by the vendor.