Cisco Bug: CSCul77897 - Cisco 1800 Series ISR Entropy Collection Denial of Service

Last Modified

Feb 13, 2018

Products (103)

  • Cisco IOS
  • Cisco AS5400XM Universal Gateway
  • Cisco 886VA-CUBE Integrated Services Router
  • Cisco 892W Integrated Services Router
  • Cisco VG224 Analog Voice Gateway
  • Cisco 888W Integrated Services Router
  • Cisco 1812 Integrated Services Router
  • Cisco 2951 Integrated Services Router
  • Cisco 861W Integrated Services Router
  • Cisco 1803 Integrated Services Router

Known Affected Releases


Description (partial)

Cisco 1800 series Integrated Services Routers (ISR) contain a vulnerability in the hardware entropy collection module when the ISDN Basic Rate Interface (BRI) is configured and connected to a public switched network. This could allow an attacker who knows the ISDN phone number of the affected device to trigger a denial of service condition.

The vulnerability exists due to an interrupt timer collision that causes the hardware encryption module to enter a corrupted state, resulting in the device becoming unresponsive. An attacker would need to perform the attack exactly when the device polls the hardware encryption module to perform entropy collection.

  • Cisco 1800 series ISR devices running IOS version 15.1(4)M2 or later
  • A service requiring encryption entropy collection, such as IPSec, is enabled
  • ISDN Basic Rate Interface (BRI) is configured and connected to an active switched network
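
The conditions listed above can be checked against a device's saved "show version" and "show running-config" output. The following is an added example, not part of the Cisco bug record: the function names, the choice of crypto keywords and the numeric version comparison are assumptions, and the sample text is constructed. It does not check the hardware model, and a configuration file cannot show whether the BRI line is actually connected to a switched network.

```python
import re

# Assumption: "or later" is approximated by numeric comparison of
# (major, minor, maintenance, rebuild); train letters (M, T) are not ordered.
MIN_VERSION = (15, 1, 4, 2)  # 15.1(4)M2, the release named in the description

def parse_ios_version(show_version):
    """Return (major, minor, maintenance, rebuild) from 'show version' text."""
    m = re.search(r"Version (\d+)\.(\d+)\((\d+)\)[A-Z]*(\d*)", show_version)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def active_bri_interfaces(running_config):
    """BRI interfaces that are configured and not administratively shut down."""
    active = []
    # A stanza runs from a column-0 line to the next column-0 line.
    for block in re.split(r"\n(?=\S)", running_config):
        lines = block.strip().splitlines()
        if lines and re.match(r"interface BRI", lines[0], re.I):
            if not any(l.strip() == "shutdown" for l in lines[1:]):
                active.append(lines[0].split()[1])
    return active

def uses_crypto(running_config):
    """Assumption: these global commands indicate an IPsec/IKE service."""
    return bool(re.search(r"^crypto (isakmp|ipsec|map|ikev2)\b", running_config, re.M))

def exposure(show_version, running_config):
    """Evaluate the listed conditions; the device matches only if all hold."""
    ver = parse_ios_version(show_version)
    checks = {
        "ios_15_1_4_M2_or_later": ver is not None and ver >= MIN_VERSION,
        "crypto_service_enabled": uses_crypto(running_config),
        "bri_configured_not_shutdown": bool(active_bri_interfaces(running_config)),
    }
    checks["matches_all"] = all(checks.values())
    return checks

# Constructed sample input (not taken from a real device).
SAMPLE_VERSION = ("Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), "
                  "Version 15.1(4)M4, RELEASE SOFTWARE (fc1)")
SAMPLE_CONFIG = """crypto isakmp policy 10
!
interface BRI0/0/0
 isdn switch-type basic-net3
!
interface BRI0/1/0
 shutdown
!
"""
```

Calling exposure(SAMPLE_VERSION, SAMPLE_CONFIG) returns a dictionary with one boolean per condition plus "matches_all", which makes it easy to see which condition a given device fails.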