Cisco is currently looking into its product line to determine which products and services use Linux kernel 3.9 or above, which is vulnerable to the FragmentSmack denial-of-service (DoS) bug.
The networking hardware manufacturer already assembled a list of more than 80 products that are affected by the vulnerability. Many of them expect a fix by February 2019.
The products currently under investigation are from the routing and switching category, designed for enterprises and service providers. More specifically, the company is looking at the Application Policy Infrastructure Controller Enterprise Module (APIC-EM).
APIC-EM delivers software-defined networking and allows automation of policy-based application profile for quick deployment of devices across the network or adapt to new challenges.
Until a patch becomes available, Cisco recommends customers check the product-specific documentation for possible workarounds.
Administrators may be able to use rate limiting measures, like access control lists (ACL), to control the stream of fragmented packets reaching an interface.
In an advisory on Monday, Cisco reminds that off-device mitigations could also be a valid solution for controlling the flow of IP fragments.
Identified as CVE-2018-5391, FragmentSmack allows an unauthenticated attacker to increase CPU usage to maximum on an affected machine, rendering it unresponsive.
This is possible because of the inefficient algorithms available in the IP stack the Linux kernel uses for the reassembly of IPv4 or IPv6 packets.
Although the bug was first discovered on Linux, along with its sibling SegmentSmack, which relies on crafted TCP packets to trigger a DoS condition, FragmentSmack affects Windows operating systems, too. Patches are currently available for both Linux and Windows.
Systems under a DoS attack with FragmentedSmack are inoperable for the duration of the assault. As soon as the packet stream stops, the operating system returns to its normal functioning state.
Some of the routing and networking equipment currently identified as vulnerable include:
For a full list of the products known to be affected by FragmentSmack, you can check the advisory.