/v3-uk/news/1997828/cisco-fixes-flaw-ios-software
05 Mar 2001, John Geralds in Silicon Valley , V3
Cisco Systems has made known a potentially devastating security vulnerability in its operating system software that could allow an attacker to intercept and modify traffic going to and from routers and switches.
According to an advisory note issued by Cisco, the Internetworking Operating System (IOS) software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers (ISN).
The flaw, which represents a major problem for network administrators, affects the security of TCP connections that originate or terminate on the affected Cisco device itself, and does not apply to TCP traffic forwarded through the affected device in transit between two other hosts.
The numbers, which are exchanged by the sending and receiving hosts, are meant to be selected randomly. Each following packet then contains a sequence number that is based on the ISN as well as the number of bytes transferred to the receiving host.
If the ISN is not chosen at random or if it is increased by a non-random increment in subsequent TCP sessions, then an attacker could assume a particular number in the sequence and forge one half of the TCP connection or take control of an existing connection between two hosts. The attacker would then be in a position to bring forged packets into a network.
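An added illustration of the weakness the article describes, not code from the report or from Cisco: it takes a series of ISNs observed on successive connections to one host and flags a generator whose increments are constant or tightly clustered, which is exactly what lets an observer guess the next value. The sample ISN series below are constructed.

```python
import secrets
from statistics import pstdev

SEQ_SPACE = 2 ** 32  # TCP sequence numbers wrap at 32 bits

# Constructed samples: a weak generator that bumps the ISN by a fixed step on
# every new connection (the non-random increment the advisory warns about),
# beside a generator that draws each ISN from the full 32-bit space.
WEAK_ISNS = [0x10000000 + 64000 * i for i in range(8)]
RANDOM_ISNS = [secrets.randbelow(SEQ_SPACE) for _ in range(8)]


def isn_deltas(isns):
    """Differences between consecutive ISNs, taken modulo the sequence space."""
    return [(b - a) % SEQ_SPACE for a, b in zip(isns, isns[1:])]


def classify_isn_generator(isns, max_spread=2 ** 16):
    """Crude audit of ISN quality from ISNs observed across successive connections.

    Returns 'constant-increment' when every delta is identical (fully predictable),
    'low-entropy' when the deltas cluster within max_spread of each other, and
    'random-looking' otherwise. max_spread is a hypothetical audit threshold, not
    a value from the advisory.
    """
    deltas = isn_deltas(isns)
    if len(deltas) < 2:
        raise ValueError("need at least three ISNs to judge the generator")
    if len(set(deltas)) == 1:
        return "constant-increment"
    if pstdev(deltas) < max_spread:
        return "low-entropy"
    return "random-looking"


if __name__ == "__main__":
    for label, series in (("weak", WEAK_ISNS), ("random", RANDOM_ISNS)):
        print(label, classify_isn_generator(series))
```

A device that reports constant-increment or low-entropy for its own TCP endpoints is a candidate for the upgrade the advisory recommends.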
The vulnerability affects almost all of Cisco's routers and switches, but not the company's voice gateways, optical switches or firewalls.
To remove the vulnerability, Cisco is offering free software upgrades for all affected platforms. Cisco officials said no attacks have been reported.