Guest

Preview Tool

Cisco Bug: CSCzv82834 - IP headers includes an ID filed that potentially can be misused

Last Modified

Feb 05, 2017

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

7.1.3-010 7.1.5-101 7.5.0-000 7.5.1-102 7.5.2-014 7.6.1-022 7.6.3-019 8.0.0-000 8.0.1-023

Description (partial)

Symptom:
Cisco Email Security Appliances utilize the TCP/IP ID Field in a predictable manner that conforms to RFC 1122.  Utilizing sequential values for the ID 
field can allow an entity with the ability to intercept the traffic to determine certain characteristics about the transit network from which the packets were 
sent.  This may also help an external entity to ''fingerprint'' or determine the type of operating system running on the device.

Best practice today dictates that TCP/IP v4 ID Fields should be generated randomly to help mitigate these types of concerns.  This defect has been filed 
to request that Cisco IronPort appliances randomize the IP ID field.

Conditions:
Cisco Ironport Appliances that do not contain the remediation for this issue are affected.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.