Symantec, the world leader in Internet security, today announced it is increasing the Symantec Security Response ThreatCon alert to a level three after a functional exploit for the Cisco IOS Malicious IPV4 Packet Sequence denial of service vulnerability was released into the wild.
Symantec's ThreatCon rating provides an overall view of global Internet security. The exploit code, which would allow users to take advantage of the vulnerability, was posted to a public mailing list on Friday, 18 July at 3am EDT.
Symantec's ThreatCon level three applies when an isolated threat to the computing infrastructure is currently under way. Under this condition, Symantec recommends that information technology organisations increase monitoring, deployment and reconfiguration of security systems. Symantec's ThreatCon rating is based on a 1-4 rating system, with level four being the highest threat level. The Symantec ThreatCon rating was previously elevated to a level three in response to CodeRed, the SQL Slammer worm and Bugbear.B.
"This is a serious vulnerability as it affects a significant number of infrastructure devices, on both corporate and core Internet networks," said Patrick Evans, regional manager for Africa at Symantec. "Because of the critical nature of the affected devices and known exploit code, Symantec Security Response strongly advises administrators running vulnerable versions of Cisco IOS to apply the associated patches immediately if they have not already done so."
At the time of this release, Symantec Security Response is not aware of any attempts to automate the exploit code to attack a large range of IP addresses. Symantec Security Response will continue to monitor any unusual activities through its 19 000 sensors and its worldwide Security Operation Centres.
Symantec DeepSight customers are protected against the vulnerability through updated Snort signatures sent by the DeepSight Threat Analyst Team. Snort is an open source network intrusion detection system. Symantec's network intrusion protection solution, Symantec ManHunt, supports these Snort signatures. Symantec is also developing a customised signature for Symantec ManHunt customers to download that will detect this exploit for the Cisco vulnerability.
By default, Symantec Enterprise Firewall, Symantec Gateway Security and Symantec VelociRaptor block all protocols that are mentioned in the Cisco IOS Malicious IPV4 Packet Sequence denial of service vulnerability. However, IT administrators still need to apply all appropriate patches and explicitly deny the above-mentioned protocols by configuring an access control list on all Cisco devices.
Symantec Security Response is a team of dedicated intrusion experts, security engineers, virus hunters, and global technical support teams that work in tandem to provide extensive coverage for enterprise businesses and consumers. Symantec Security Response provides customers with comprehensive, global, 24x7 Internet security expertise to guard against today's complex Internet threats.
Symantec
Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises and service providers around the world. Symantec's Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, California, Symantec has worldwide operations in 36 countries. For more information, please visit www.symantec.com.