Wednesday, March 28, 2018

Cisco IOS Software Login Enhancements Login Block Denial of Service Vulnerabilities

The Cisco IOS Login Enhancements (Login Block) Feature

The Cisco IOS Login Enhancements (Login Block) feature allows users to enhance the security of a router by configuring options to automatically block further login attempts when a possible DoS attack is detected.

The login block and login delay options introduced by this feature can be configured for Telnet or SSH virtual connections. By enabling this feature, you can slow down “dictionary attacks” by enforcing a “quiet period” if multiple failed connection attempts are detected, thereby protecting the routing device from a type of DoS attack.

Further information on the Login Enhancements (Login Block) feature is available in the Cisco IOS Security Configuration Guide.

Vulnerability Details

Two vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition.

The vulnerabilities are not dependent on one another; exploitation of one of the vulnerabilities is not required to exploit the other vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerability.

Details about the vulnerabilities are as follows.

Cisco IOS Software Login Block Denial of Service Vulnerability

A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition.

The vulnerability is due to an attempt to free an area of memory that has not been previously allocated. An attacker could exploit this vulnerability by attempting to log in to an affected device via Secure Shell (SSH) or Telnet with invalid credentials multiple times.

This vulnerability is exploitable only if both of the following conditions are met:

  • login quiet-mode access-class has been configured prior to configuring login block-for. These features are not enabled by default.
  • The device has not been reloaded since that configuration occurred.

The Common Vulnerabilities and Exposures (CVE) ID for this vulnerability is: CVE-2018-0179

The Security Impact Rating (SIR) for this vulnerability is: Medium

The Cisco bug ID for this vulnerability is: CSCuy32360

Cisco IOS Software Login Block Denial of Service Vulnerability

A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition.

The vulnerability is due to an attempt to free an area of memory that has not been previously allocated. An attacker could exploit this vulnerability by attempting to log in to an affected device via SSH or Telnet with invalid credentials multiple times while the administrator modifies the login block-for configuration.

This vulnerability is exploitable only if login block-for has been configured on an affected device. This feature is not enabled by default.

The CVE ID for this vulnerability is: CVE-2018-0180

The SIR for this vulnerability is: Medium

The Cisco bug ID for this vulnerability is: CSCuz60599



from Cisco Security Advisory https://ift.tt/2pRDwo3

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.