Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities
Cisco IOS Software Release 12.4(24)MD1 on the Cisco CSG2 contains two vulnerabilities that can be exploited by a remote, unauthenticated attacker to create a denial of service condition that prevents traffic from passing through the CSG2. These vulnerabilities require only a single content service to be active on the Cisco CSG2 and can be exploited via crafted TCP packets. A three-way handshake is not required to exploit either of these vulnerabilities.
A remote user can access sites via HTTP without the billing policy being enforced [CVE-2011-0348]. A remote user can also access URLs that are explicitly denied. The Cisco Content Services Gateway - Second Generation (CSG2), which runs on the Cisco Service and Application Module for IP (SAMI), is affected. Cisco has assigned Cisco Bug ID CSCtk35917 to this vulnerability.
A remote user can send specially crafted data to cause the target device to hang and stop passing traffic [CVE-2011-0349, CVE-2011-0350]. A manual reload of the SAMI card may be required to return to normal operations. Only Cisco IOS Software Release 12.4(24)MD1 on the Cisco CSG2 is affected. Cisco has assigned Cisco Bug IDs CSCth17178 and CSCth41891 to these vulnerabilities.
The Cisco Content Services Gateway - 1st Generation (CSG) is not affected by these vulnerabilities.
Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.