“A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition.” reads the Cisco Security Advisory.
NetFlow Generation Appliances are used in enterprise data centers to monitor Gigabit Ethernet high-throughput networks.
According to Cisco, the vulnerability resides in the hardware’s Stream Control Transmission Protocol (SCTP) used by the appliance.
The flaw is due to incomplete validation of SCTP packets being monitored on the Cisco NetFlow Generation Appliance data ports. The attackers can trigger the flaw by sending malformed SCTP packets on a network that is monitored by an NGA data port.
“SCTP packets addressed to the IP address of the NGA itself will not trigger this vulnerability. An exploit could allow the attacker to cause the appliance to become unresponsive or reload, causing a DoS condition. User interaction could be needed to recover the device using the reboot command from the CLI.” continues the advisory.
The bug impacts Cisco NetFlow Generation Appliances NGA 3140, NGA 3240 and NGA 3340.
Cisco this week has released a security patch for its devices and the IT giant confirmed that there are no workarounds to fix the issue. Users need to apply the security update (Cisco NetFlow Generation Appliance Software release 1.1 (1a)) that fixes the bug as soon as possible.
The security patch is not available for the model NGA 3140 because it was dismissed on January 11, 2014.
(Security Affairs – Cisco NetFlow Generation Appliance, DoS)