Cisco 1800 Series Integrated Services Routers (ISR) contain a vulnerability in the hardware entropy collection module when the Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) is configured and connected to a public switched network. This could allow an attacker with knowledge of the ISDN phone number of the affected device to trigger a denial of service (DoS) condition.
The vulnerability is due to an interrupt timer collision that causes the hardware encryption module to enter a corrupted state, causing the device to become unresponsive. An attacker would need to perform the attack exactly when the device polls the hardware encryption module to perform entropy collection.
The affected devices have reached the End of Software Maintenance milestone. Fixed software will not be released.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, an attacker must obtain additional knowledge of the targeted device, such as whether ISDN BRI is configured and connected to an active switched network and whether a service that requires encryption entropy collection is enabled. The additional knowledge requirement may decrease the likelihood of a successful exploit.
End-of-life notices for the affected platforms are at the following link: http://www.cisco.com/c/en/us/products/routers/1800-series-integrated-services-routers-isr/eos-eol-notice-listing.html