Cisco Patches OSPF Fault

Cisco has released a patch for a vulnerable Open Shortest Path First (OSPF) routing implementation that gives attackers the opportunity to intercept traffic.

In an advisory released last week, the firm revealed that the fault "could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic."

OSPF packets can be created and sent to devices running the faulty code, and those packets would make the targeted router flush its routing table. A crafted OSPF Link State Advertisement (LSA) type 1 update can then be propagated through a targeted domain.

According to Cisco, OSPF is designed for managing traffic through an Autonomous System. It looks for the best route between source and destination by creating a database of link states and using that topology for routing decisions.

However, an attacker may inject a false route into the network, allowing him or her to view the traffic before sending it on to its intended destination.

"An attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast LSA type 1 packets. No other LSA type packets can trigger this vulnerability," the company added in its report.

According to The Register, the fault affects all unfixed versions of Cisco IOS Software, Cisco IOS XE Software, Cisco ASA Software, Cisco PIX Software and Cisco FWSM Software.