DESCRIPTION:
There is a problem with the HTTP client implementation on Cisco IOS. If an administrator loads an application service via these commands:
router#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#application
router(config-app)#service name http://ip_address/
router(config-app-param)#end
and the HTTP server responds with a special crafted HTTP response, the device will crash.
AFFECTED VERSIONS:
The vulnerability has been detected in a wide branch of Cisco IOS.
VENDOR RESPONSE:
http://tools.cisco.com/security/center/viewAlert.x?alertId=24436
CREDITS:
Jaime Blasco, Alienvault Labs
be_ixf;ym_202004 d_09; ct_50
- be_ixf; php_sdk; php_sdk_1.4.26
- https://cybersecurity.att.com/blogs/labs-research/advisory-cisco-ios-http-client-dos
- https://cybersecurity.att.com/blogs/labs-research/advisory-cisco-ios-http-client-dos
About the Author: Jaime Blasco
Jaime Blasco is a renowned Security Researcher with broad experience in network security, malware analysis and incident response. At AT&T Cybersecurity, Jaime leads the Alien Labs Intelligence and Research team that leads the charge of researching and integrating threat intelligence into detection mechanisms. Prior to working at AT&T, Jaime was Chief Scientest at AlienVault. Prior to that, he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. He is based in San Francisco. Jaime's work in emerging threats and targeted attacks is frequently cited in international publications such as New York Times, BBC, Washington Post and Al Jazeera.
Read more posts from Jaime Blasco ›
