
Cisco Finds ADM Security Flaw

Light Reading
News Analysis
7/22/2004

Cisco Systems Inc. (Nasdaq: CSCO) has discovered a potential denial-of-service vulnerability on its 15000 series of add/drop multiplexers (ADMs).

The company issued an alert on its Website yesterday and made patches available to block the problem on the 15454 and 15327 lines. The Cisco 15600 is affected as well, but the problem isn't so severe. "There's limited impact on the 15600, so the patch will be available with the next release in September," the spokesman says.

Cisco discovered the flaw. "We don't know of any exploitation so far," a spokesman says.

The problem arises when "malformed" packets repeatedly hit one of the ADMs, causing control cards to reset. Done properly (or improperly, based on your point of view), the problem could paralyze the system.

Cisco isn't offering a definition of "malformed," probably because officials don't want to release a step-by-step explanation of how to bomb out one of the boxes. It's worth noting that the cards in question don't usually connect to the Internet, which limits the possibilities of exploiting the problem.

Still, as always, there's a lesson to be learned on the security front.

"This is a reminder of the pros and cons of moving the transmission management plane over to IP," says Geoff Bennett, chief technologist of Heavy Reading, Light Reading's paid research service. "On the positive side, it's possible for a carrier to manage a wide range of multivendor equipment via a private, overlay IP management network. But that overlay network has to be rigorously firewalled, or even physically separated from any customer-facing network, be it public or private."

The issue gets particularly tricky for Cisco given the number of products it's inherited from acquired companies -- the 15454 and 15327 being vestiges of the Cerent Corp. acquisition, for example. "Longer term, Cisco has to make these devices, which are acquired products, of course, as bulletproof as their home-grown boxes," Bennett says.

The security alert can be found at http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml.

— Craig Matsumoto, Senior Editor, and Peter Heywood, Founding Editor, Light Reading


lightmyfiber
12/5/2012 | 1:25:54 AM
re: Cisco Finds ADM Security Flaw
"Longer term, Cisco has to make these devices, which are acquired products, of course, as BULLETPROOF as their home-grown boxes," Bennett says.


Geoff Bennett, chief technologist of Heavy Reading, Light Reading's PAID research service
routingfool
12/5/2012 | 1:25:53 AM
re: Cisco Finds ADM Security Flaw
No box is BULLETPROOF, so vendors have to work together on this front. If vendor J thinks it's funny that something is wrong with vendor E, C or F, etc., look out: you will be waving a white flag sooner or later.
turing
12/5/2012 | 1:25:50 AM
re: Cisco Finds ADM Security Flaw
When does a product become home-grown? Aren't most of their products (and the company really) a set of acquired pieces? Other than the AGS, CGS, and 3k. After that it's been Crescendo, Kalpana, Lightstream, Grand Junction, Stratacom, etc. Not that that's bad (they handle it very well). Just saying most of their stuff was based on some acquisition at some point, I would think.
Except maybe GSRs, but they had a nasty and public bad-packet bug last summer too.
routingfool
12/5/2012 | 1:25:48 AM
re: Cisco Finds ADM Security Flaw
As I mentioned before, everyone has vulnerabilities; they should not be used to make your arguments or comments. By the way, to complement the C-guys, here is one from the J-guys :-(

"Juniper JUNOS Packet Forwarding Engine (PFE) IPv6 memory leak Vulnerability Note VU#658859"
Tony Li
12/5/2012 | 1:25:46 AM
re: Cisco Finds ADM Security Flaw
The 4000, 4500, 7000, 7200, 7500, and GSR were all "home grown", as were many more...

Tony