Title: Cisco Spoofed HSRP Loopback Denial Of Service Vulnerability
Severity: MODERATE
Description:
IOS is the Internet Operating System, used on Cisco routers. It is distributed and maintained by Cisco. Hot Standby Routing Protocol (HSRP) is a protocol used to allow multiple routers to dynamically act as backups in the event of router failure. HSRP traffic takes place over UDP port 1985.
A vulnerability has been reported in some versions of IOS. It may be possible for maliciously constructed HSRP traffic to create a loop condition, resulting in a denial of service attack.
HSRP functions, in part, by having IP devices use a 'phantom' IP address as their router. All cooperating routers then forward this traffic to a designated active router which functions normally. Additional routers are considered to be in a standby mode. In the event that this router fails, the 'phantom' IP address is dynamically reassigned to a different router.
In order to exploit this vulnerability, an attacker must ask a router to use its own IP address as the phantom IP and put the router into standby mode. Traffic directed to the phantom address will then be forwarded in a loop, resulting in a denial of service condition.
It has been reported that this attack is only possible from a network segment local to the router.
Normally this behavior would be prevented. However, it has been reported possible to cause this condition in version 12.1 of IOS. Other versions of IOS may share this vulnerability, but this has not been confirmed. This issue has been assigned Cisco Bug ID CSCdu38323.
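The advisory states that the attack requires a station on the local segment to make a router adopt a real router interface address as the HSRP phantom (virtual) IP. Because HSRP hellos are sent to UDP port 1985, a capture on that segment can be audited for exactly that condition. The following decoder and audit routine is an added example written for this page; it is not code from the advisory, Cisco or Juniper. It assumes the HSRPv1 packet layout from RFC 2281 (version, opcode, state, hello/hold timers, priority, group, reserved, 8-byte authentication field, 4-byte virtual IP), and the router addresses, expected virtual IP and sample datagrams are constructed values, not taken from the page.

```python
"""Audit HSRPv1 datagrams captured on a LAN segment for the loop condition described
in the advisory: an HSRP packet whose advertised phantom (virtual) IP is the real
interface address of one of the segment's routers. Layout per RFC 2281 (assumed)."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

HSRP_PORT = 1985   # UDP port named in the advisory
HSRP_V1_LEN = 20   # fixed size of an HSRPv1 packet

OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}


@dataclass
class HsrpPacket:
    opcode: int
    state: int
    hellotime: int
    holdtime: int
    priority: int
    group: int
    authdata: bytes
    virtual_ip: str


def parse_hsrp(payload: bytes) -> HsrpPacket:
    """Decode one HSRPv1 payload; raise ValueError on anything malformed."""
    if len(payload) < HSRP_V1_LEN:
        raise ValueError(f"payload too short ({len(payload)} bytes)")
    (version, opcode, state, hellotime, holdtime, priority, group, _reserved,
     authdata, vip) = struct.unpack("!BBBBBBBB8s4s", payload[:HSRP_V1_LEN])
    if version != 0:  # HSRPv1 carries version byte 0
        raise ValueError(f"not HSRPv1 (version byte {version})")
    if opcode not in OPCODES or state not in STATES:
        raise ValueError(f"unknown opcode/state {opcode}/{state}")
    return HsrpPacket(opcode, state, hellotime, holdtime, priority, group,
                      authdata.rstrip(b"\x00"), str(ipaddress.IPv4Address(vip)))


def build_hsrp(opcode: int, state: int, group: int, virtual_ip: str,
               priority: int = 100, auth: bytes = b"cisco") -> bytes:
    """Encode an HSRPv1 packet; used here only to construct sample traffic for the audit."""
    return struct.pack("!BBBBBBBB8s4s", 0, opcode, state, 3, 10, priority, group, 0,
                       auth.ljust(8, b"\x00"), ipaddress.IPv4Address(virtual_ip).packed)


Datagram = Tuple[str, int, bytes]  # (source IP, UDP destination port, payload)


def audit_hsrp(datagrams: Iterable[Datagram], router_ips: Set[str],
               expected_vips: Set[str]) -> List[Tuple[str, str]]:
    """Return (source_ip, reason) alerts. router_ips are the real interface addresses of
    the segment's HSRP routers; expected_vips are the phantom addresses they should use."""
    alerts: List[Tuple[str, str]] = []
    for src, dport, payload in datagrams:
        if dport != HSRP_PORT:
            continue
        try:
            pkt = parse_hsrp(payload)
        except ValueError as err:
            alerts.append((src, f"malformed: {err}"))
            continue
        # The advisory's loop condition: the phantom address is a real router interface.
        if pkt.virtual_ip in router_ips:
            alerts.append((src, f"phantom-is-real-router: group {pkt.group} advertises "
                                f"{pkt.virtual_ip} in state {STATES[pkt.state]}"))
        elif pkt.virtual_ip not in expected_vips:
            alerts.append((src, f"unexpected-vip: group {pkt.group} advertises {pkt.virtual_ip}"))
        # HSRP packets should only originate from the known routers on the segment.
        if src not in router_ips:
            alerts.append((src, f"unexpected-sender: {OPCODES[pkt.opcode]} "
                                f"state={STATES[pkt.state]} priority={pkt.priority}"))
    return alerts


# Constructed sample segment: two real routers sharing phantom address 192.0.2.1.
KNOWN_ROUTERS = {"192.0.2.2", "192.0.2.3"}
EXPECTED_VIPS = {"192.0.2.1"}
SAMPLE_DATAGRAMS: List[Datagram] = [
    ("192.0.2.2", 1985, build_hsrp(0, 16, 1, "192.0.2.1")),               # active hello: normal
    ("192.0.2.3", 1985, build_hsrp(0, 8, 1, "192.0.2.1", priority=90)),   # standby hello: normal
    ("192.0.2.9", 1985, build_hsrp(0, 8, 1, "192.0.2.2")),                # phantom = router's real IP
    ("192.0.2.3", 1985, b"\x00\x00\x10"),                                 # truncated packet
    ("192.0.2.2", 53, b"not hsrp"),                                       # other UDP traffic, ignored
]

if __name__ == "__main__":
    for src, reason in audit_hsrp(SAMPLE_DATAGRAMS, KNOWN_ROUTERS, EXPECTED_VIPS):
        print(f"{src}: {reason}")
```

Feeding real captures means extracting source address, destination port and UDP payload from a pcap and passing them as the `(src, dport, payload)` tuples; the audit itself only needs the inventory of router interface addresses and the phantom addresses the group is configured to use. An alert of the "phantom-is-real-router" kind is the precursor to the loop the advisory describes and is worth treating as an incident on its own, since the advisory notes the condition can only be triggered from the local segment.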
Affected Products:
- Cisco IOS 12.1
References:
- Cisco Systems: Cisco Call Manager Express
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.