Cisco Finds ADM Security Flaw

The company discloses a weakness that could open its 15000 series of ADMs to denial-of-service attacks

July 22, 2004


Cisco Systems Inc. (Nasdaq: CSCO) has discovered a potential denial-of-service vulnerability on its 15000 series of add/drop multiplexers (ADMs).

The company issued an alert on its website yesterday and made patches available to block the problem on the 15454 and 15327 lines. The Cisco 15600 is affected as well, but the problem isn't so severe. "There's limited impact on the 15600, so the patch will be available with the next release in September," a Cisco spokesman says.

Cisco discovered the flaw itself. "We don't know of any exploitation so far," the spokesman says.

The problem arises when "malformed" packets repeatedly hit one of the ADMs, causing control cards to reset. Done properly (or improperly, based on your point of view), the problem could paralyze the system.

Cisco isn't offering a definition of "malformed," probably because officials don't want to release a step-by-step explanation of how to bomb out one of the boxes. It's worth noting that the cards in question don't usually connect to the Internet, which limits the possibilities of exploiting the problem.

Still, as always, there's a lesson to be learned on the security front.

"This is a reminder of the pros and cons of moving the transmission management plane over to IP," says Geoff Bennett, chief technologist of Heavy Reading, Light Reading's paid research service. "On the positive side, it's possible for a carrier to manage a wide range of multivendor equipment via a private, overlay IP management network. But that overlay network has to be rigorously firewalled, or even physically separated from any customer-facing network, be it public or private."
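The isolation requirement Bennett describes can be checked mechanically: a defender can audit the rule set that fronts the overlay management network and confirm that only the management subnet reaches the ADM management addresses while every customer-facing network is denied. The script below is an added illustration, not code from the article, from Cisco or from Light Reading; the rule format, the `Rule` class, the `audit_management_plane` function and all addresses are constructed sample values.

```python
"""Audit a firewall rule set for management-plane isolation.

Added illustration (not from the article). Rules are evaluated first-match,
like most ACLs. All networks, hosts and rules are constructed sample values,
not real carrier addressing.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str      # source network, CIDR notation
    dst: str      # destination network, CIDR notation
    action: str   # "allow" or "deny"


def first_match(rules, src_ip, dst_ip):
    """Return the action of the first rule matching src -> dst, or None if nothing matches."""
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r.action
    return None


def audit_management_plane(rules, mgmt_hosts, mgmt_net, customer_nets):
    """Return a list of findings; an empty list means the management plane is isolated.

    Two properties are checked for every management host:
      1. every customer-facing network is explicitly denied (an implicit "no match"
         is reported too, since it depends on the device's unstated default), and
      2. the management subnet itself is explicitly allowed.
    """
    findings = []
    for host in mgmt_hosts:
        for net in customer_nets:
            probe = str(ipaddress.ip_network(net)[0])   # representative address in the net
            action = first_match(rules, probe, host)
            if action != "deny":
                findings.append(f"{net} can reach management host {host} (action={action})")
        probe = str(ipaddress.ip_network(mgmt_net)[0])
        if first_match(rules, probe, host) != "allow":
            findings.append(f"management net {mgmt_net} cannot reach {host}")
    return findings


# Constructed sample topology (documentation address ranges, not real hosts).
MGMT_HOSTS = ["192.0.2.10", "192.0.2.11"]          # ADM control-card management addresses
MGMT_NET = "10.10.0.0/24"                          # private overlay management network
CUSTOMER_NETS = ["198.51.100.0/24", "203.0.113.0/24"]

# Weak setting: the management addresses are reachable from anywhere.
WEAK_RULES = [Rule("0.0.0.0/0", "192.0.2.0/24", "allow")]

# Corrected setting: only the overlay network is allowed, everything else is denied.
HARDENED_RULES = [
    Rule("10.10.0.0/24", "192.0.2.0/24", "allow"),
    Rule("0.0.0.0/0", "0.0.0.0/0", "deny"),
]

if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        found = audit_management_plane(rules, MGMT_HOSTS, MGMT_NET, CUSTOMER_NETS)
        print(f"{label}: {len(found)} finding(s)")
        for f in found:
            print("  -", f)
```

Run against the weak rule set the audit reports each customer-facing network that can reach each management host; against the hardened set it reports nothing. An absent rule is treated as a finding rather than as a pass, because relying on a platform's default action is exactly the gap an overlay network should not have.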

The issue gets particularly tricky for Cisco given the number of products it's inherited from acquired companies -- the 15454 and 15327 being vestiges of the Cerent Corp. acquisition, for example. "Longer term, Cisco has to make these devices, which are acquired products, of course, as bulletproof as their home-grown boxes," Bennett says.

The security alert can be found at http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml.

— Craig Matsumoto, Senior Editor, and Peter Heywood, Founding Editor, Light Reading
