Cisco announced that a security glitch touching on Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database had been fixed in the new versions of affected products.
The developer warns that this vulnerability could allow a potential attacker to take complete control of the OSPF Autonomous System (AS) domain routing table, blackhole and intercept traffic without having to go through an authentication process.
According to Cisco, leveraging this security flaw involves determining certain parameters in the LSA database on the target’s router and injecting crafted OSPF packets; successful exploitation would result in flushing the routing table and sending the crafted OSPF LSA type 1 update through the targeted domain.
“Network devices running the OSPF protocol may be impacted by this vulnerability if they receive a crafted LSA type 1 packet. This packet does not have to be acknowledged, and it can originate from a spoofed IP address,” the developer notes.
However, the intruder needs to know certain parameters in order to be successful, such as the network placement and the IP address of the targeted device, the sequence numbers for the Link State Advertisement database, and the ID of the OSPF Designated Router.
The affected products are: Cisco ASR 5000, Cisco NX-OS Software, Cisco Firewall Services Module (FWSM), Cisco Adaptive Security Appliance (ASA), Cisco ASA Service Module (ASA-SM) and Cisco Pix Firewall, Cisco IOS-XE Software, and Cisco IOS Software.