| VID | 29038 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CISCO |
| Detailed Description |
Cisco IOS has a TCP initial sequence number prediction vulnerability (Cisco Bug ID CSCds04747). When the TCP initial sequence number (ISN) is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets can spoof TCP services whose authentication is based on IP addresses. Further, attackers can perform IP address spoofing and session hijacking to gain unauthorized access to information.
* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so a finding may be a false positive. It also requires an SNMP community string with read access to collect the version number. To provide this access, add the valid community string to the check item "snmp/guessable/r" in the Policy Editor.
* References:
  * http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml
  * http://www.ciac.org/ciac/bulletins/l-053.shtml
  * http://www.cert.org/advisories/CA-2001-09.html
* Platforms Affected: See the Cisco Security Advisory in 'References' above. |
| Recommendation |
Upgrade to a fixed version of Cisco IOS, as listed in the Cisco Security Advisory at http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml
Upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.
As a workaround, limit or deny successful exploitation of the vulnerability by filtering traffic containing forged IP source addresses at the perimeter of a network or directly on individual devices. |
| Related URL | CVE-2001-0328 (CVE) |
| Related URL | 2682 (SecurityFocus) |
| Related URL | 139 (ISS) |