08-24-2006 12:04 AM - edited 03-09-2019 04:00 PM
Hello,
I run Nessus (port scanner) for a Cisco 2811 router and I don't understand one vulnerability from the results.
Here it is:
The remote system appears vulnerable to an invalid Options field
within a TCP packet. At least one vendor firewall (Symantec) has
been reported prone to such a bug. An attacker, utilizing this flaw,
would be able to remotely shut down the remote firewall (stopping all
network-based transactions) by sending a single packet to any port.
See also :
http://www.osvdb.org/displayvuln.php?osvdb_id=5596
http://www.eeye.com/html/Research/Advisories/AD20040423.html
Risk factor : High
CVE : CVE-2004-0444
BID : 10204, 10334, 10335
Other references : IAVA:2004-A-0010
Nessus ID : 12216
Is Cisco 2811 vulnerable to this bug?
Is there an IOS to fix this bug?
Symantec has released a patch to correct this bug.
Thank you for your help.
08-25-2006 07:00 AM
I have not found anywhere in any of the documentation that Cisco products are susceptible to this vulnerability... All of the documentation I read indicates it only affects Symantec and Norton products.
08-27-2006 09:36 PM
Hi Jay,
Thank you for your reply.
To tell you the truth, when I posted my question, I didn't think I would get any reply at all :)
I see that you have some experience on security, also owner of CCSP, so you definitely know more about this.
Well, I couldn't find any documents for Cisco products about this vulnerability either, but I need to be sure.
Do you think if I open a TAC case they can help me?
Thank you
08-28-2006 01:12 AM
Marinos
Can you please post the IOS version you are running on your router - output the content of "sho ver" here and we can confirm if the vulnerability is related to your specific platform.
But personally, I've not come across this on the 2800 platform. Of course you can open up a TAC case on this too.
Thanks / Jay
08-28-2006 01:17 AM
Here it is:
Cisco IOS Software, 2800 Software (C2800NM-SPSERVICESK9-M), Version 12.4(4)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Thu 27-Oct-05 11:24 by ccai
ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1)
2811_Gateway1 uptime is 3 weeks, 2 days, 20 hours, 11 minutes
System returned to ROM by reload at 15:04:12 GTB Fri Aug 4 2006
System restarted at 15:05:20 GTB Fri Aug 4 2006
System image file is "flash:c2800nm-spservicesk9-mz.124-4.T.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco 2811 (revision 53.51) with 251904K/10240K bytes of memory.
Processor board ID FCZ0946707C
2 FastEthernet interfaces
31 Serial interfaces
1 ISDN Basic Rate interface
1 Channelized E1/PRI port
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
Thank you for your help
03-11-2019 04:43 AM
This is due to 'transport input telnet' on the AUX port. To disable, do:
line aux 0
no transport input
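Added example, not part of the thread: one way to check a saved running-config for the setting the last reply points at, by parsing each `line` stanza and reporting those whose explicit `transport input` admits telnet. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample of an IOS running-config excerpt (not from the thread).
SAMPLE_CONFIG = """\
hostname 2811_Gateway1
!
line con 0
line aux 0
 transport input telnet
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 transport input all
!
end
"""

# Stanza header such as "line aux 0" or "line vty 0 4".
LINE_HDR = re.compile(r"^line\s+(\S+)\s+(\d+)(?:\s+(\d+))?\s*$")

def parse_line_stanzas(config):
    """Return {stanza header: [subcommands]} for every 'line ...' block."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if LINE_HDR.match(raw):
            current = " ".join(raw.split())
            stanzas[current] = []
        elif current is not None and raw.startswith(" "):
            stanzas[current].append(raw.strip())
        else:
            current = None  # any other unindented line ends the stanza
    return stanzas

def telnet_enabled_lines(config):
    """List (stanza, command) pairs whose explicit 'transport input' admits telnet.

    Stanzas with no explicit 'transport input' are not reported: what they
    accept depends on the platform default, which is not evaluated here.
    """
    findings = []
    for name, cmds in parse_line_stanzas(config).items():
        for cmd in cmds:
            words = cmd.split()
            if words[:2] == ["transport", "input"] and set(words[2:]) & {"telnet", "all"}:
                findings.append((name, cmd))
    return findings

if __name__ == "__main__":
    for stanza, cmd in telnet_enabled_lines(SAMPLE_CONFIG):
        print(f"{stanza}: {cmd}")
```

After `no transport input` is applied under `line aux 0`, that stanza no longer appears in the findings.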