Article

Security hole in Cisco IOS

Bill Brenner

Cisco Systems has upgraded its Internetwork Operating Software (IOS) to fix a security hole malicious people could use to unleash denial-of-service

    Requires Free Membership to View

attacks.

According to the San Jose, Calif.-based networking giant, IOS release trains 12.1YD, 12.2T, 12.3 and 12.3T may contain a vulnerability when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST). The problem is in how certain malformed control protocol messages are processed, the company said, adding, "A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a denial of service."

Cisco has made free software upgrades available "to address this vulnerability for all affected customers."

Dan Jackson, president and COO of Dallas-based security firm DeepNines Technologies, warned in a statement that this flaw could signal a greater threat to routers going forward. "From a security standpoint, 2005 is the year that the router becomes the Achilles heel of the network," he said. "Where there's smoke, there's fire -- meaning these won't be the last router vulnerabilities we hear about this year."

He added: "Cisco's greatest asset, its large market share, could become one of its most glaring weaknesses. Just as Microsoft's market share makes it a target for attackers, so, too, Cisco could begin to suffer attacks more regularly. The real problem is that there has been virtually no protection for routers…"

That assessment is in contrast to that of Danish security firm Secunia, which labels the IOS problem "less critical" in its advisory.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: