Check or Attack Name: CiscoIOS

The system may crash and reload if an untrusted and unauthenticated user gains access to the login prompt of a router or other Cisco IOS device. An attacker who wants to exploit this denial of service attack does not need to log in to the device; establishing a terminal connection is sufficient.

This vulnerability is present in classic Cisco IOS version 9.1 up to the corrected versions listed in the Cisco Field Notice.

IOS v9.1 to v10.3 users should upgrade to the latest supported version for the device. An interim release of 11.0(20.3) is immediately available, and the first supported release containing the fix will be 11.0(21).

As with any software upgrade, you should verify that your hardware can support the new software before upgrading. The most common problem is inadequate RAM.

Temporary Fix: Prevent interactive access to the Cisco IOS device from the following access points:

• IP-based: Use the 'ip access-class' line configuration to apply an access list to all virtual terminals.
• Asynchronous: Apply the 'no exec' configuration command to lines used by untrusted users.
• Virtual terminals: Use the 'transport input none' command for lines used by untrusted users.

Patches: Cisco customers with contracts should obtain upgraded software through their regular update channels (generally via Cisco's web site). Customers without contracts should contact Cisco TAC at tac@cisco.com, and should refer to the URL of the Cisco Field Notice as evidence of their entitlement.

Cisco Systems Field Notice, Cisco IOS Remote Router Crash, http://www.cisco.com/warp/public/770/ioslogin-pub.shtml

CIAC Information Bulletin I-084, Cisco IOS Remote Router Crash, http://ciac.llnl.gov/ciac/bulletins/i-084.shtml