Vigil@nce : Cisco FWSM, denial of service via ICMP
August 2009 by Vigil@nce
An attacker can send malicious ICMP packets in order to stop the
FWSM module of Catalyst 6500 switches and Cisco 7600 routers.
Severity: 2/4
Consequences: denial of service
Provenance: internet client
Means of attack: 1 proof of concept
Ability of attacker: specialist (3/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 20/08/2009
IMPACTED PRODUCTS
– Cisco Catalyst
– Cisco Router
DESCRIPTION OF THE VULNERABILITY
The FWSM (Cisco Firewall Services Module) is a firewall blade for
Catalyst 6500 switches and Cisco 7600 routers; it filters the traffic
forwarded through the chassis.
When the FWSM receives a series of crafted ICMP packets over IPv4, one
of its threads locks up, and the module stops forwarding traffic.
An attacker can therefore send malicious ICMP packets in order to
stop the FWSM module of Catalyst 6500 switches and Cisco 7600
routers.
The Cisco Applied Mitigation Bulletin indicates that the ICMP packets
which trigger the problem can also be generated indirectly, after a
TFTP packet requesting the "../../etc" file.
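Added example, not part of the Vigil@nce advisory or of Cisco's mitigation bulletin: a small Python script that parses raw IPv4/ICMP frames, verifies the ICMP checksum, and reports sources that send a burst of ICMP messages at a firewall address within a short time window, which is the kind of check a sensor in front of the FWSM could run. The firewall address 192.0.2.1, the threshold of 20 messages per second and the sample packets are constructed assumptions; the advisory does not state how many messages are needed to lock the thread, so the threshold is a tuning parameter, not a property of the vulnerability.

```python
"""Added example (not the advisory's or Cisco's code): parse IPv4/ICMP frames
and flag sources sending an ICMP burst at a firewall address.
Firewall address, threshold and sample packets are constructed assumptions."""
import struct
from collections import defaultdict


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum (used by both IPv4 and ICMP headers)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, payload: bytes = b"") -> bytes:
    """Build an ICMP message with a correct checksum (ident/seq left at zero)."""
    msg = struct.pack("!BBHI", icmp_type, code, 0, 0) + payload
    return struct.pack("!BBH", icmp_type, code, inet_checksum(msg)) + msg[4:]


def build_ipv4(src: str, dst: str, payload: bytes, proto: int = 1) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) in front of payload."""
    to_bytes = lambda ip: bytes(int(o) for o in ip.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, to_bytes(src), to_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4_icmp(pkt: bytes):
    """Return (src, dst, icmp_type, icmp_code, checksum_ok), or None if the
    frame is not an IPv4 packet carrying ICMP (protocol 1)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 4 or pkt[9] != 1:
        return None
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    icmp = pkt[ihl:]
    icmp_type, code, _csum = struct.unpack("!BBH", icmp[:4])
    # A message whose checksum field is correct sums to zero as a whole.
    checksum_ok = inet_checksum(icmp) == 0
    return src, dst, icmp_type, code, checksum_ok


def flag_icmp_bursts(packets, firewall_ips, threshold=20, window=1.0):
    """packets: iterable of (timestamp_seconds, raw_frame). Returns a dict
    src -> peak count for sources that sent more than `threshold` ICMP
    messages to a firewall address inside any sliding `window` seconds."""
    per_src = defaultdict(list)
    for ts, raw in packets:
        parsed = parse_ipv4_icmp(raw)
        if parsed is None or parsed[1] not in firewall_ips:
            continue  # not ICMP, or not aimed at the firewall itself
        per_src[parsed[0]].append(ts)
    flagged = {}
    for src, times in per_src.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[src] = peak
    return flagged


def sample_capture():
    """Constructed sample: 30 echo requests in 0.3 s from one host, 3 from
    another, one ICMP to a non-firewall host and one TCP packet (ignored)."""
    fw = "192.0.2.1"
    pkts = [(0.01 * i, build_ipv4("198.51.100.7", fw, build_icmp(8, 0, b"abcd")))
            for i in range(30)]
    pkts += [(0.5 * i, build_ipv4("198.51.100.8", fw, build_icmp(8, 0)))
             for i in range(3)]
    pkts.append((0.2, build_ipv4("198.51.100.7", "192.0.2.50", build_icmp(8, 0))))
    pkts.append((0.3, build_ipv4("198.51.100.7", fw, b"\x00" * 20, proto=6)))
    return pkts


if __name__ == "__main__":
    print(flag_icmp_bursts(sample_capture(), {"192.0.2.1"}))
```

The script only sees a burst; it cannot tell which ICMP messages are the crafted ones the advisory refers to, so the threshold has to be tuned against the normal ICMP rate of the firewall interface, and the real fix remains the firmware update referenced in cisco-sa-20090819-fwsm.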
CHARACTERISTICS
Identifiers: 110460, 110824, BID-36085, cisco-amb-20090819-fwsm,
cisco-sa-20090819-fwsm, CSCsz97207, CVE-2009-0638,
VIGILANCE-VUL-8962
http://vigilance.fr/vulnerability/Cisco-FWSM-denial-of-service-via-ICMP-8962