Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System (AS) domain routing table, allowing the attacker to intercept or black-hole traffic. The attacker could exploit this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause the targeted router to flush its routing table and propagate the crafted OSPF LSA type 1 update throughout the OSPF AS domain. To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast OSPF LSA type 1 packets. No other LSA type packets can trigger this vulnerability. The Fabric Shortest Path First (FSPF) protocol is not affected by this vulnerability. Workarounds that address this vulnerability are available. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170727-ospf
```
Router# show ip ospf interface
GigabitEthernet0/0/1 is up, line protocol is up
  Internet Address 192.168.2.4/24, Area 0, Attached via Network Statement
  Process ID 1, Router ID 10.10.10.4, Network Type BROADCAST, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State DR, Priority 1
  . . .
```
```
Router# show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team
. . .
```
Additional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS and NX-OS Software Reference Guide.
```
ciscoasa# show ospf interface brief
Interface PID   Area            IP Address/Mask          Cost  State Nbrs F/C
inside    1     1               10.10.10.1/255.255.255.0 10    WAIT  0/0
ciscoasa#
```
To determine the version of software that is running on a Cisco ASA, Cisco ASA-SM, or Cisco PIX security appliance, use the show version command from the CLI. The following is an example of the output from the show version command:
```
ciscoasa# show version | include Software
Cisco Adaptive Security Appliance Software Version 9.3(1)
ciscoasa#
```
```
switch# show version | grep system:
  system:    version 7.3(1)D1(1)
switch#
```
```
Router# show ip ospf database

            OSPF Router with ID (10.10.10.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.10.10.4      10.10.10.4      334         0x8000000E 0x00E29A 3
10.10.10.1      192.168.27.11   22          0x80000011 0x0062A8 3
10.10.10.2      10.10.10.2      298         0x80000018 0x00394A 2
10.10.10.3      10.10.10.3      305         0x80000020 0x00E715 3
```
```
ciscoasa# show ospf database

            OSPF Router with ID (192.168.1.2) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.10.10.4      10.10.10.4      334         0x8000000E 0x00E29A 3
10.10.10.1      192.168.27.11   22          0x80000011 0x0062A8 3
10.10.10.2      10.10.10.2      298         0x80000018 0x00394A 2
10.10.10.3      10.10.10.3      305         0x80000020 0x00E715 3
. . .
```
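Because the exploitation path described above ends with a crafted type 1 LSA being flooded through the area, one indicator a defender can watch for is a Router-LSA whose Seq# in the Router Link States table advances far faster than the normal 30-minute refresh (+1) or whose advertising router changes between polls. The following Python is an added example and is not part of the Cisco advisory; the two snapshots, the column layout taken from the output above, and the jump threshold are constructed assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: first poll of the Router Link States (type 1 LSA) table,
# in the column layout of "show ip ospf database" above.
SNAPSHOT_T0 = """\
                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.10.10.4      10.10.10.4      334         0x8000000E 0x00E29A 3
10.10.10.2      10.10.10.2      298         0x80000018 0x00394A 2
10.10.10.3      10.10.10.3      305         0x80000020 0x00E715 3
"""
# Constructed second poll: 10.10.10.4 refreshed normally (+1), 10.10.10.2 is
# unchanged, and 10.10.10.3's sequence number jumped by 116 with a fresh Age.
SNAPSHOT_T1 = """\
Link ID         ADV Router      Age         Seq#       Checksum Link count
10.10.10.4      10.10.10.4      12          0x8000000F 0x00E098 3
10.10.10.2      10.10.10.2      360         0x80000018 0x00394A 2
10.10.10.3      10.10.10.3      5           0x80000094 0x001234 3
"""

# One data row: Link ID, ADV Router, Age, Seq#, Checksum, Link count.
ROW = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+"
    r"(0x[0-9A-Fa-f]{8})\s+(0x[0-9A-Fa-f]+)\s+(\d+)$"
)


def parse_router_lsas(text: str) -> Dict[str, Tuple[str, int, int]]:
    """Map Link ID -> (ADV Router, Age, Seq#) for every Router-LSA row; header
    and banner lines do not match ROW and are skipped."""
    lsas: Dict[str, Tuple[str, int, int]] = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            link_id, adv, age, seq, _csum, _count = m.groups()
            lsas[link_id] = (adv, int(age), int(seq, 16))
    return lsas


def find_anomalies(before: Dict[str, Tuple[str, int, int]],
                   after: Dict[str, Tuple[str, int, int]],
                   max_step: int = 2) -> List[Tuple[str, str]]:
    """Flag Router-LSAs whose Seq# advanced by more than max_step between two
    polls (assumed tuning: a normal refresh is +1) or whose ADV Router changed."""
    findings: List[Tuple[str, str]] = []
    for link_id, (adv, _age, seq) in after.items():
        if link_id not in before:
            findings.append((link_id, "new Router-LSA"))
            continue
        adv0, _age0, seq0 = before[link_id]
        if adv != adv0:
            findings.append((link_id, f"ADV Router changed {adv0} -> {adv}"))
        elif seq - seq0 > max_step:
            findings.append((link_id, f"Seq# jumped by {seq - seq0}"))
    return findings
```

Run the two functions over successive captures of `show ip ospf database` (or the ASA `show ospf database` output, which uses the same columns) and alert on any non-empty findings list.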
Refer to http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094069.shtml for more information about OSPF authentication.
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Version | Description | Section | Status | Date |
---|---|---|---|---|
2.0 | Updated vulnerable product information to include Nexus 9000 devices, Nexus 3000 devices, and NX-OS Software configured with OSPFv3. | Affected Products | Final | 2017-August-03 |
1.1 | Added links to the Cisco IOS Software Checker. | Fixed Software | Final | 2017-July-28 |
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.