Published on: 24 September 2015
Cisco has released three security advisories fixing a number of vulnerabilities in Cisco IOS and IOS XE software. An unauthenticated remote attacker could exploit the vulnerabilities in relation to several functions or protocols including SSH version 2 (SSHv2) using RSA-based user authentication, Network Address Translation (NAT) and Multiprotocol Label Switching (MPLS) services, and IPv6 snooping feature configured.
There are a multitude of attack vectors, a remote attacker could try to authenticate via SSHv2 using a crafted private key, send malformed IPv4 packets, IPv6 neighbor discovery (ND) packets or specially crafted packets to a vulnerable device.
The complete list of vulnerable systems can be found in the "Affected Products" section of individual Cisco Security Advisory available at:
01. Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk
02. Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-iosxe
03. Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs
Depending on the vulnerability exploited, a successful attack could cause a Denial of Service (DoS) condition, reload or gain limited control of a vulnerable device.
Patches for affected systems are now available. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. For detailed information of the available patches, please refer to the section "Obtaining Fixed Software" of corresponding security advisory at vendor's website.
Users should contact their product support vendors for the fixes and assistance.
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-iosxe
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs
https://www.hkcert.org/my_url/en/alert/15092401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6280
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6282