Vulnerability permits takeover of Catalyst switches
Cisco has reported multiple vulnerabilities in its Catalyst series switches. An attacker can gain complete control of a device by sending manipulated packets with a faked address, that of the Network Analysis Module (NAM) running on the switch, to the SNMP service. Cisco does not give further details. Cisco Catalyst 6000, Catalyst 6500 and Catalyst 7600 which have a NAM installed, and IOS or CatOS, are affected.
In addition, devices can be caused to restart using prepared MPLS (Multi Protocol Label Switching) packets. Because MPLS is not a routable protocol, the attack must originate from the local network segment, and this minimises the risk. Only Catalyst 6000, Catalyst 6500 and Catalyst 7600, when running in hybrid mode (CatOS on the supervisor and IOS on the switching card (MSFC)) or in "IOS Software Modularity" mode, are affected. A vendor update fixes both problems.
- Cisco Catalyst 6000, 6500 and Cisco 7600 Series MPLS Packet Vulnerability, security advisory from Cisco
- Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability, security advisory from Cisco