Cisco Patch Day: Multiple DoS Flaws in IOS

As part of their semiannual patch day, Cisco released seven security advisories describing different Denial of Service (DoS) vulnerabilities affecting the IOS software that primarily ships with their routers. The seven flaws differ technically, and lie within various IOS components, including NAT, IKE, RSVP, etc. However, most of them share the same essential scope and impact. If a remote, unauthenticated attacker can send specially crafted packets to your IOS device, he can exploit many of these flaws to cause the device to fill up memory, or crash and restart. Attackers can repeatedly leverage these flaws to knock your router offline for as long as they can carry out the attack.

DoS vulnerabilities in your gateway router pose a fairly significant risk, since attackers can leverage them to essentially knock you offline. Right now, DoS attacks are in vogue among Hacktivists and other attackers. Over the past week, Spamhaus has suffered the largest DDoS attacks in recorded cyber history, and big banks have suffered from politically motivated DDoS attacks for months now. Though today’s IOS DoS flaws are not likely what contribute to these huge DDoS attacks, they could make a DDoS attackers life even easier. If you manage any Cisco IOS gear, I highly recommend you check out today’s Cisco IOS alerts and apply the corresponding updates and workarounds. — Corey Nachreiner, CISSP (@SecAdept)

About Corey Nachreiner

Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

3 Responses to “Cisco Patch Day: Multiple DoS Flaws in IOS”

  1. What i ddo not understood is in realkty how you’re nott actually much more neatly-appreciated than you might be now.
    Youu are very intelligent. You realize thjus considerably on the subject of
    this subject, produced me individdually believe it from sso many varied angles.
    Its like women and men don’t seem to be involved until it’s something to accomplish with Wonan gaga!
    Your individual stuffs nice. Always care for it up!


  1. WatchGuard Security Week in Review: Episode 57 – 300Gb DDoS | WatchGuard Security Center - March 29, 2013

    […] Cisco IOS DoS Vulnerabilities Alerts – WGSC […]

  2. WatchGuard Security Week in Review: Episode 57 – 300Gb DDoS - Arlington, Fort Worth, Dallas | Marjen Technology Group - September 29, 2015

    […] Cisco IOS DoS Vulnerabilities Alerts – WGSC […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: