Cisco IOx Application Framework Denial of Service Vulnerability

Available Languages

Updated:March 24, 2021
Document ID:1616608387406583

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Cisco Security Advisory

Cisco IOx Application Framework Denial of Service Vulnerability

Medium
Advisory ID:
cisco-sa-iox-dos-4Fgcjh6
First Published:
2021 March 24 16:00 GMT
Version 1.0:
Final
Workarounds:
No workarounds available
CVE-2021-1460
CWE-400
CVSS Score:
Base 5.3Click Icon to Copy Verbose Score
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X
CVE-2021-1460
CWE-400

Summary

  • A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

    This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-dos-4Fgcjh6

Affected Products

  • Vulnerable Products

    At the time of publication, this vulnerability affected the following Cisco products if they were running a software release earlier than the first fixed release for that device and were configured with the Cisco IOx application hosting environment:

    • 809 Industrial ISR: Cisco IOS Software earlier than Release 15.9(3)M3
    • 829 Industrial ISR: Cisco IOS Software earlier than Release 15.9(3)M3
    • CGR 1000 Compute Module: CGR 1000 IOx Compute Platform Firmware earlier than Release 1.12.0.3
    • IC3000 Industrial Compute Gateway: Industrial Compute Gateway Software earlier than Release 1.3.2

    See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

    Assess the IOx Application Framework

    Use the following subsections to determine whether a device is configured with the Cisco IOx application hosting environment:

    Cisco 809 and 829 Industrial Integrated Services Routers

    For Cisco 809 and 829 Industrial ISRs, to determine whether the Cisco IOx application hosting environment is enabled on a device, use the show iox host list detail | include OS status command at the device CLI.

    The following example shows the output of the command for a device that has the Cisco IOx application hosting environment enabled:

    Router#show iox host list detail | include OS status
    OS status: 		RUNNING

    If this command does not exist, or if it produces output that does not show RUNNING in the OS status field, the device is not affected by this vulnerability.

    Cisco CGR 1000 Compute Module

    For Cisco CGR 1000 Compute Module, to determine the status of IOx functionality, use the show iox host list detail | include IOX Server is running CLI command, as shown in the following example:

    CGR1000#show iox host list detail | include IOX Server is running
     IOX Server is running.  Process ID: 305
CGR1000#

    Cisco IC3000 Industrial Compute Gateway

    On the Cisco IC3000 Industrial Compute Gateway, the Cisco IOx functionality is enabled by default.

    To determine the status of the IOx functionality, use the show iox summary CLI command, as shown in the following example:

    ic3k>show iox summary
    IOx Infrastructure Summary:
    eid: IC3000-2C2F-K9+FOC2227Y2UD
    pfm: IC3000-2C2F-K9
    s/n: FOC2227Y2UD
    images: Lnx: 0.13.31., IOx: 1.12.0:r/1.12.0.0:0c30349
    boot: 2021-02-25 15:06:08
    time: 2021-02-26 20:36:22
    load: 20:36:22 up 1 day, 5:30, 1 user, load average: 0.37, 0.35, 0.43
    memory: ok, used: 2637/7735 (34%)
    disk: warning, used: /:664640/750628 (88%), /software:85834912/87069676 (98%)
    process: ok, running: 5/5
    networking: ok
    logs: warning, errors: caf (6109)
    apps: ok, Cisco_Cyber_Vision (R)
     

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following Cisco products:

    • Other platforms that support IOx
    • IOX XE Software
    • IOS XR Software
    • NX-OS Software

Details

  • The Cisco IOx Application Framework is the management interface that administrators can use to manage, administer, monitor, and troubleshoot apps on the host system, and to perform a variety of related activities. Exploitation of this vulnerability could allow an attacker to cause the application management functionality to become unavailable.

Workarounds

  • There are no workarounds that address this vulnerability.

Fixed Software

  • When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

    Fixed Releases

    At the time of publication, the following Cisco software releases contained the fix for this vulnerability:

    • 809 Industrial ISRs: Cisco IOS Software Releases 15.9(3)M3 and later
    • 829 Industrial ISRs: Cisco IOS software Releases 15.9(3)M3 and later
    • CGR 1000 Compute Module: CGR 1000 IOx Compute Platform Firmware releases 1.12.0.3 and later
    • IC3000 Industrial Compute Gateway: Industrial Compute Gateway Software releases 1.3.2 and later

    See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Exploitation and Public Announcements

  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  • This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

Related to This Advisory

URL

Revision History

  • Version Description Section Status Date
    1.0 Initial public release. Final 2021-MAR-24
    Show Less

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

Related to This Advisory