-
The CSS 11000 Series Content Services Switches are vulnerable to a Denial of Service (DoS) attack caused by malformed UDP packets received over the management port.
This vulnerability is documented as Cisco bug ID CSCed45747. There is no workaround available to mitigate the effects of this vulnerability. Cisco is providing fixed software, and customers are recommended to upgrade to it.
This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040304-css.
-
Vulnerable Products
The CSS 11000 Series Content Services Switches (formerly known as Arrowpoint) consist of the CSS 11050, CSS 11100, CSS 11150, and CSS 11800 hardware platforms. They run the Cisco WebNS software.
To determine your hardware model and software revision, type show chassis at the command line prompt.
WebNS Release Train
Affected Releases
5.0(x)
earlier than 05.0(04.07)S
6.10(x)
earlier than 06.10(02.05)S
Products Confirmed Not Vulnerable
For clarification, the CSS 11500 Series Content Services Switches consisting of 11501, 11503, and 11506 , the Cisco Global Site Selector (GSS) series switches, and the Content Switching Module (CSM) are not affected by this vulnerability.
No other Cisco products are currently known to be affected by this vulnerability.
-
If malformed UDP packets are sent to UDP port 5002, the default port for app-udp, on the management port of the CSS 11000 Series Content Services Switch running Cisco WebNS release 5.0(x) and 6.10(x) release trains the switch may reload. This vulnerability exists even when the Network Proximity feature is not configured on the CSS 11000 Series Content Services Switch. Please refer to http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_610/advcggd/proximty.htm for more details on the Network Proximity feature.
Access to the management port of the CSS 11000 Series Content Services Switches is available solely through the physical management interface on the device; access via circuit VLANs is not implemented, and therefore the vulnerability can only be exploited through the management port.
This vulnerability is documented in the Cisco Bug Toolkit ( registered customers only) as Bug ID CSCed45747. Cisco WebNS release 7.10(x), 7.20(x), and 7.30(x) release trains have also had code changes but due to architectural differences they are not affected by this vulnerability.
The Internetworking Terms and Cisco Systems Acronyms online guides can be found at http://www.cisco.com/univercd/cc/td/doc/cisintwk/.
-
There is no workaround for this vulnerability. Customers may be able to mitigate the affects of the vulnerability by controlling access to the UDP port 5002 on the management port of the CSS 11000 Series Content Services Switch to allow access only from required network devices or by disallowing access if the Network Proximity feature is not configured.
The Cisco PSIRT recommends that affected users upgrade to a fixed software version of code.
-
WebNS Release Train
Fixed Releases
5.0(x)
05.0(04.07)S and later
6.10(x)
06.10(02.05)S and later
The procedure to upgrade to a fixed software version is available under "Upgrading Your CSS Software" in the CSS Administration Guide (for version 6.x), or "Upgrading Your CSS Software" in the CSS Basic Configuration Guide (for version 5.x). The steps can be accessed online at http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_610/admgd/upgrade.htm.
-
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
This vulnerability was reported to Cisco PSIRT by Timothy Arnold.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Revision 1.2
2005 February 2
Fixed broken link to the upgrade procedure document in the Software Versions and Fixes section.
Revision 1.1
2004 March 04
Added CSS 11100 to the affected products section.
Revision 1
2004 March 04
Initial Release.
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.