Vulnerable Systems:
* IDS-4235
* IPS-4240
* IDS-4250-SX
* IDS-4250-TX
* IDS-4250-XL (4250 with XL accelerator card)
* IPS-4255
Immune Systems:
* NM-CIDS
* IDSM-2
* ASA-SSM-AIP-10
* ASA-SSM-AIP-20
* IDS-4210
* IDS-4215
* IDS-4220
* IDS-4230
Cisco Intrusion Prevention Systems (IPS) are a family of networksecurity devices that provide network based threat prevention services.A vulnerability exists in the custom device driver for Intel-basedgigabit network adapters used to process packets received by thesensing interfaces of certain IPS devices. A malformed IP packetreceived on an Intel-based gigabit network adapter configured for useas a sensing interface may result in the IPS device experiencing akernel panic. Affected IPS devices will cease processing packets,producing alerts, performing automated actions such as logging, andbecome inaccessible remotely or via the console.
If deployed as an inline device, the IPS will also stop forwardingpackets between interfaces and may cause a network outage. IPS devicesconfigured to use the auto-bypass feature will also fail to forwardpackets. Attackers may use this vulnerability to disable an IPS deviceto hide malicious activity. This vulnerability only affects certain IPSdevices configured to use Intel-based gigabit network adapters assensing interfaces. IPS devices configured to use an Intel-basedgigabit network adapter as a management interface are not affected bythis vulnerability. A power reset is required to recover the IPS device.
