Cisco Warns of Vulnerability in NetFlow Multi-Gigabit Ethernet Solution

March 09, 2017

Networking giant Cisco is warning users of a vulnerability in its line of NetFlow network traffic monitoring solutions. Cisco NetFlow appliances are typically installed in large data center locations to monitor multi-gigabit Ethernet networks. The vulnerability, which has been identified in NGA models 3140, 3240 and 3340, has the potential to cause the system to lock up. The fault lies in the Stream Control Transmission Protocol (SCTP) decoder of the NetFlow Generation Appliance (NGA), which could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, resulting in a denial of service (DoS) condition, according to Cisco.

“The vulnerability is due to incomplete validation of SCTP packets being monitored on the NGA data ports,” according to a Cisco security blog. “An attacker could exploit this vulnerability by sending malformed SCTP packets on a network that is monitored by an NGA data port. SCTP packets addressed to the IP address of the NGA itself will not trigger this vulnerability. An exploit could allow the attacker to cause the appliance to become unresponsive or reload, causing a DoS condition. User interaction could be needed to recover the device using the reboot command from the CLI.”

Cisco is warning users of the NetFlow solutions that there are no workarounds that address this vulnerability, which it has rated as high risk. The company has, however, released software updates that address the fault. Users of NetFlow solutions can determine whether a device is running a vulnerable release of the NGA using a “show version” command from the CLI.

“The appliances can be deployed at key observation points such as the server access layer, fabric path domains, and Internet exchange points,” according to Cisco. “Visibility is dramatically amplified when NGA is connected to multiple network devices, allowing Layer 2 and Layer 3 flows to be analyzed hop by hop, essential for security, capacity planning, and troubleshooting.”

Users of affected NetFlow versions can find the software updates here.

Edited by Alicia Young