In association with heise online

01 March 2007, 14:09

Vulnerability permits takeover of Catalyst switches

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Cisco has reported multiple vulnerabilities in its Catalyst series switches. An attacker can gain complete control of a device by sending manipulated packets with a faked address, that of the Network Analysis Module (NAM) running on the switch, to the SNMP service. Cisco does not give further details. Cisco Catalyst 6000, Catalyst 6500 and Catalyst 7600 which have a NAM installed, and IOS or CatOS, are affected.

In addition, devices can be caused to restart using prepared MPLS (Multi Protocol Label Switching) packets. Because MPLS is not a routable protocol, the attack must originate from the local network segment, and this minimises the risk. Only Catalyst 6000, Catalyst 6500 and Catalyst 7600, when running in hybrid mode (CatOS on the supervisor and IOS on the switching card (MSFC)) or in "IOS Software Modularity" mode, are affected. A vendor update fixes both problems.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit