Refense Technologies, the leader in Vulnerability & Compliance management for mission critical network infrastructure, today released an update that provides its customers with the ability to identify and mitigate three router & switch vulnerabilities within Cisco’s Internet Operating System (IOS) software. A warning issued by US Computer Emergency Readiness team (CERT) informed users that a remote attacker would be able to execute code on affected devices. In the best case scenario, a successful exploit will cause the router to crash, with repeated crashes creating a denial of service situation. However, because the flaw can lead to memory corruption, it could possibly be leveraged to allow remote attackers to execute malicious code.
Refense VMS, a vulnerability management solution for network devices (Routers, Switches & Wireless Access Points) provides instant visibility to these router & switch vulnerabilities that could enable a malicious individual to commit denial of service attacks against corporate networks & websites, as well as let a hacker run arbitrary code on an affected device. Refense’s CTO, Erkang Zheng, said “Our Security Research Center (SRC) immediately responded to these severe threats and released three updated security checks to all Refense VMS appliances”. Erkang further stated, “All Refense customers are now equipped with the ability to run immediate scans on their network devices to identify and mitigate the threats by using the following three security checks:”
- Crafted TCP Packet Causing Denial of Service
- Crafted IP Option Vulnerability
- IPv6 packet header Vulnerability
Cisco on Wednesday said it has fixed three vulnerabilities in IOS, the operating system that runs its switches and routers, two of which could potentially allow remote attackers to gain complete control over an affected device. A statement from Cisco said: "Cisco is aware of multiple vulnerabilities that may impact Cisco IOS and IOS XR devices, and has published three separate security advisories about them”. Users are being told to upgrade to a fixed version of IOS.
