NCS 6000 and ASR 5000 routers need some lovin’
Cisco has patched two vulnerabilities, including a remote denial of service bug in its Network Convergence System routers.
Attackers can send packets to TCP listening ports running SSH, secure copy protocol, and secure FTP that can overwhelm NCS 6000 routers and cause processors to reload.

The Borg rates the vulnerability (CVE-2016-1426) as highly critical on account of it offering a method to remotely disrupt routers in certain configurations.
“The vulnerability is due to improper management of system timer resources,” Cisco says in an advisory.
“An exploit could allow the attacker to cause a leak of system timer resources, leading to a non-operational state and an eventual reload of the route processor on the affected platform.”
The second, more boring, bug is graded medium severity and strikes SNMP configuration management messes in ASR 5000 enterprise routers older than versions 19.5 and 20.1.
It allows remote attackers to mess with device configurations using SNMP community strings.
“An attacker could perform an SNMP query to the affected device to view the SNMP community string,” Cisco says. “An exploit could allow the attacker to read and modify the device configuration using the disclosed SNMP read-write community string.”
There are no workarounds available for either flaw meaning admins must apply the patch or risk the chance of downtime. ®
Sponsored: Global DDoS threat landscape report

Leave a Reply