Cisco IOS Malformed IPV4 Packet Denial of Service Vulnerability

Hello again,

I am seeing the vulnerability listed in the title on our client's C3750X Catalyst switches.

Some of the switches do run older IOS (one is as old as 12.2) but the one that I have been working on to fix is on 15.2(4)E7. I know that E10 is now available but I would think that a vulnerability reported years back would be addressed in any of the updates since.

I even tried creating an ACL to deny 53 55 77 on the switch and assigning it to all 48 interfaces but I am still seeing the scan report this vulnerability.

Perhaps I didn't create the ACL correctly or apply it correctly but I am at a loss as to what to do next.

I have attached a copy of the current running config to see if anyone can point me in the right direction.

Thank you


Hi there,

Please can you share the Cisco vulnerability ID that you are trying to mitigate?

cheers,

Seb.

Hello Seb,

This is actually a vulnerability that was picked up by a Qualys scan. It is being listed as a potential vulnerability and has not been confirmed.

QID from Qualys is 43051.

Hello,

I have the same problem but my device is a switch 2960 and I applied the access list in all the interfaces including the vlans, and every time I run Qualys, it shows the same potential vulnerability. The current OS version is 15.2(7)E2.

Extended IP access list 101
30 permit tcp host X.X.X.X eq domain any
40 permit udp host X.X.X.X eq domain any
50 deny 53 any any
60 deny 55 any any
70 deny 77 any any
80 permit ip any any (15548 matches)

I want to add that I have the same access list on a Cisco switch 4510, and it blocks ports 53, 55 and 77.

Why is it not working on a 2960 switch?

Any help. Thank you.

Hi there,

In your ACLs, the numbers 53, 55 and 77 are protocol numbers, not port numbers.

For reference:

https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#extacls

https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers

cheers,

Seb.
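Seb's point above worked through in code, as an added example that is not part of the thread or of any Cisco tool: a small evaluator for the posted ACL 101, with the redacted X.X.X.X stood in for by the documentation address 192.0.2.10 (constructed) and assuming no wildcard masks or port ranges. It shows that lines 50 to 70 test the IP protocol field (53, 55 and 77 in the IANA list linked above), so a DNS packet on UDP port 53 from another host falls through to line 80 and is permitted.

```python
# Added example, not from the thread: a minimal evaluator for Cisco IOS extended
# ACL entries, used to show what the posted ACL 101 actually matches. Assumes no
# wildcard masks or port ranges; X.X.X.X is replaced by 192.0.2.10 (constructed).
import re
from dataclasses import dataclass
from typing import List, Optional

PROTO_NUM = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}  # IOS keyword -> number
PROTO_NAME = {6: "tcp", 17: "udp", 53: "swipe", 55: "mobile", 77: "sun-nd"}  # IANA
PORT_NAME = {"domain": 53, "www": 80, "ssh": 22}          # IOS port keywords
ACE_RE = re.compile(r"(\d+) (permit|deny) (\S+) (any|host \S+)(?: eq (\S+))?"
                    r" (any|host \S+)(?: eq (\S+))?")

@dataclass
class Ace:
    seq: int
    action: str
    proto: Optional[int]   # None = any IP protocol ("ip" keyword)
    src: str
    sport: Optional[int]   # only meaningful for tcp/udp entries
    dst: str
    dport: Optional[int]

def parse_ace(line: str) -> Ace:
    """Parse 'seq action proto src [eq port] dst [eq port]'; hit counters ignored."""
    seq, action, proto, src, sport, dst, dport = ACE_RE.match(line).groups()
    # A bare number in the protocol slot is an IP protocol number, NOT a TCP/UDP port.
    pnum = int(proto) if proto.isdigit() else PROTO_NUM[proto]
    port = lambda p: None if p is None else PORT_NAME.get(p) or int(p)
    return Ace(int(seq), action, pnum, src.replace("host ", ""), port(sport),
               dst.replace("host ", ""), port(dport))

def first_match(acl: List[Ace], proto: int, src: str, dst: str,
                sport: Optional[int] = None, dport: Optional[int] = None) -> Optional[Ace]:
    """First ACE the packet hits, top to bottom; None means the implicit final deny."""
    for a in acl:
        if (a.proto in (None, proto) and a.src in ("any", src) and a.dst in ("any", dst)
                and a.sport in (None, sport) and a.dport in (None, dport)):
            return a
    return None

def describe(a: Ace) -> str:
    """What an ACE really tests: transport ports (tcp/udp) or the IP protocol field."""
    if a.proto in (6, 17):
        return f"{a.seq} {a.action} {PROTO_NAME[a.proto]} sport={a.sport} dport={a.dport}"
    name = "any" if a.proto is None else f"{a.proto} ({PROTO_NAME.get(a.proto, '?')})"
    return f"{a.seq} {a.action} IP protocol {name}"

ACL_101 = [parse_ace(l) for l in """30 permit tcp host 192.0.2.10 eq domain any
40 permit udp host 192.0.2.10 eq domain any
50 deny 53 any any
60 deny 55 any any
70 deny 77 any any
80 permit ip any any (15548 matches)""".splitlines()]
```

Calling `describe` on each entry of `ACL_101` prints what it tests; `first_match` returns the entry a given packet hits.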
